Uploaded image for project: 'HPCC'
  1. HPCC
  2. HPCC-20356

Inappropriate use of re-authentication page


    • Type: Improvement
    • Status: Scheduled
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: ESP
    • Labels:
    • Compatibility:


      I have a private installation in a VM. I load ECL Watch and keep it open. After some amount of time, I am challenged to re-authenticate. I understand that timing out sessions is a designed feature, but I see multiple issues with the current implementation:

      1. I never authenticated. I never set a username or password, and have no idea what it expects for re-authentication. Pressing Unlock without entering values has no effect. Perhaps timed out sessions not associated with a credentialed user should merely report the timeout and provide a reconnect option.
      2. I can't enter a username value. I click in the field and the carat is displayed without blinking, and no key input is accepted. I am using Firefox (both in Ubuntu and on Windows), in case this is a browser issue.
      3. If I remove the path from the URL and reload the page, I get back into ECL Watch without authenticating. It seems wrong for an authentication challenge to be so easily bypassed.




            • Assignee:
              miguelvazq Miguel Vazquez
              klemti01 Tim Klemm
            • Votes:
              0 Vote for this issue
              4 Start watching this issue


              • Created: