Uploaded image for project: 'HPCC'
  1. HPCC
  2. HPCC-16675

Implement HPCC Session Management

    Details

    • Compatibility:
      Major

      Description

      Because ESP is stateless, ECLWatch sends user credentials via unsecure HTTP with most requests. Users are unable to log out of ECLWatch, and because browsers cache credentials, to log in as another user requires clearing the browser cache or entering anonymous mode.
      A better approach is to implement HPCC Sessions, where a user is initially authenticated via an HTTPS login screen, and granted a session ID. This session ID used for further request/responses, all via HTTPS

        Attachments

          Issue Links

          1.
          Implement ConfigMgr Session Management Sub-task Resolved Russ Whitehead
          2.
          Implement Sec Mgr Session Management Sub-task Resolved Russ Whitehead
          3.
          Implement ESP Session Management Sub-task Resolved Kevin Wang
          4.
          Implement ECLWatch Session Management Sub-task Resolved Miguel Vazquez
          5.
          Cookie detection for session management Sub-task Resolved Miguel Vazquez
          6.
          Investigate why encrypted UN/pwd is saved in workunit Sub-task Resolved Russ Whitehead
          7.
          Provide 'remember login' feature Sub-task Resolved Miguel Vazquez
          8.
          Attach a user profile to each user login account Sub-task Resolved Miguel Vazquez
          9.
          Implement public key encryption of workunit security token Sub-task Resolved Russ Whitehead
          10.
          Force https configuration if security is set Sub-task Resolved Kevin Wang
          11.
          Add logout feature with redirect upon success Sub-task Resolved Kunal Aswani
          12.
          Missing strings due to path issue after build Sub-task Resolved Michael Gardner
          13.
          Add internal timer to ECLWatch to initiate a logout Sub-task Resolved Miguel Vazquez
          14.
          Session management for password expired Sub-task Resolved Kevin Wang
          15.
          UI failed to redirect to login page when two tabs are open Sub-task Resolved Miguel Vazquez
          16.
          ESP log should hide user password from login page Sub-task Resolved Kevin Wang
          17.
          ConfigMgr ESP Sessions tab needs some updates Sub-task Resolved Russ Whitehead
          18.
          Cannot view ECLWatch page from IDE without logging in again Sub-task Resolved Gordon Smith
          19.
          DALI should report interface version on session registration Sub-task Resolved Russ Whitehead
          20.
          Enhance Security credentials to include ESP Session and signature Sub-task Resolved Russ Whitehead
          21.
          Differentiate between user and auto refresh to reset timers accordingly Sub-task Resolved Miguel Vazquez
          22.
          HTPasswd security manager needs to support session Sub-task Resolved Russ Whitehead
          23.
          Add utilitarian esp/ call for resetting timer based on user events Sub-task Resolved Kevin Wang

            Activity

              People

              • Assignee:
                russwhitehead Russ Whitehead
                Reporter:
                russwhitehead Russ Whitehead
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: