Details

    • Branch Version/s:
      6.2.x, 6.1.x
    • Backported to Branch:
      Committed
    • Story Points:
      5
    • Fix Priority:
      3
    • Similar Issues:
      Show 5 results 

      Description

      Description
      After the Guest user session is invalidated, the Guest user cannot submit a webform.

      Steps to reproduce
      (1) Edit tomcat_home/webapps/WEB-INF/web.xml so that the session expires after 2 minutes.
      (2) Start Liferay 6.1 GA2
      (3) Deploy the webform portlet from the marketplace.
      (4) Sign out and wait on the page as a guest user for 3 minutes.
      (5) There is no message saying the session is invalidated.
      (6) Fill in the portlet's fields and click submit

      Expected Result: The Guest user should be able to submit the webform since there is no message saying the session has been invalidated.
      Actual Result: The Guest user is redirected to an error page that says forbidden.

      Branch 6.1.x - 5ed589324bcb74f3163c3beeefe1eadf62e5724a: Reproduced
      Master - 53472d3af4d5b74a0af9e82a9f9efaddc3e5de32: Can't test due to problems with the webform portlet in Master. The portlet deploys but does not function.

      61x-plugins GitID: 32d5fe1f1d482f2c034a281d56914736a050ca23
      Master-plugins GitID: 069b55b0371df1d9761287c85facb801f24de097

        Issue Links

          Activity

          Hide
          George Chi added a comment -

          not reproducible in 6.2 EE

          Show
          George Chi added a comment - not reproducible in 6.2 EE
          Hide
          George Chi added a comment -

          starting work.

          Show
          George Chi added a comment - starting work.
          Hide
          George Chi added a comment -

          this fix should allow sessions to be extended for all users, including guests. auto-extending sessions can be set in portal-ext.properties.

          Show
          George Chi added a comment - this fix should allow sessions to be extended for all users, including guests. auto-extending sessions can be set in portal-ext.properties.
          Hide
          George Chi added a comment - - edited

          the pull request has been reopened (a new one). it contains the original code.

          there is still a bug that will require a new LPS. on a clean bundle, if remember me is checked and the user logs in, a user will get a forbidden error if he submits a form using the web-form portlet if the sessions expires.

          for this fix: we removed the check for users that are signed in. if sessions auto-extend is configured, then we want that to apply for guest users too. secondly, we removed the remember me check because we're treating it like every other SSO mechanism, and liferay shouldn't care if remember me is checked when extending sessions. please note the bug mentioned above that still needs to be fixed.

          Show
          George Chi added a comment - - edited the pull request has been reopened (a new one). it contains the original code. there is still a bug that will require a new LPS. on a clean bundle, if remember me is checked and the user logs in, a user will get a forbidden error if he submits a form using the web-form portlet if the sessions expires. for this fix: we removed the check for users that are signed in. if sessions auto-extend is configured, then we want that to apply for guest users too. secondly, we removed the remember me check because we're treating it like every other SSO mechanism, and liferay shouldn't care if remember me is checked when extending sessions. please note the bug mentioned above that still needs to be fixed.
          Hide
          Serena Song (Inactive) added a comment - - edited

          PASSED Manual Testing following the steps in the description.

          Reproduced on:
          Tomcat 7.0.42 + MySQL 5.5.34. Portal 6.1.20 EE GA2.

          After 3 min there is no message saying the session has been invalidated annd the Guest user is redirected to an error page that says forbidden.

          Fixed on:
          Tomcat 7.0.40 + MySQL 5.5.34. Portal 6.1.X EE GIT ID: 459e6350f082676645750b34192696da01c8cc7b.
          Plugins 6.1.x EE GIT ID: 60022298470817c61772094ecae0422d85523d28.
          Tomcat 7.0.42 + MySQL 5.5.34. Portal master GIT ID: 5d44180b6290202dcb0f47525fc68be0c6fe2584.
          Plugins master GIT ID: 7c8bdbf1df9d38215f0d595a0a04521b62afb2ad.
          Tomcat 7.0.42 + MySQL 5.5.34. Portal ee-6.2.x EE GIT ID: be89d58b8310ba2971bc7028379d437f24a7e36c.
          Plugins ee-6.2.x EE GIT ID: ad507c092cd064e4ea48a3eadbd3b7e782d912d6.

          Guest user can not send a webform successfully when the seesion is invalidated and sessions can be extended for all users, include Guest user.

          • 6.1.X EE Result:
            • After 3 minutes, session expired message displays and then guest user send webform will redirect to the error page that says forbidden. After the Guest user session is invalidated, the Guest user cannot send a webform.
          • Master Resuult:
            • After 3 minutes, session expired message displays and then guest user can send webform but Liferay does not save any of his form data. Only refresh the page and then guest user can send a webform successfully.
          • 6.2.X Result:
            • After 3 minutes, session expired message displays and then guest user can send webform but Liferay does not save any of his form data. Only refresh the page and then guest user can send a webform successfully.
          Show
          Serena Song (Inactive) added a comment - - edited PASSED Manual Testing following the steps in the description. Reproduced on: Tomcat 7.0.42 + MySQL 5.5.34. Portal 6.1.20 EE GA2. After 3 min there is no message saying the session has been invalidated annd the Guest user is redirected to an error page that says forbidden. Fixed on: Tomcat 7.0.40 + MySQL 5.5.34. Portal 6.1.X EE GIT ID: 459e6350f082676645750b34192696da01c8cc7b. Plugins 6.1.x EE GIT ID: 60022298470817c61772094ecae0422d85523d28. Tomcat 7.0.42 + MySQL 5.5.34. Portal master GIT ID: 5d44180b6290202dcb0f47525fc68be0c6fe2584. Plugins master GIT ID: 7c8bdbf1df9d38215f0d595a0a04521b62afb2ad. Tomcat 7.0.42 + MySQL 5.5.34. Portal ee-6.2.x EE GIT ID: be89d58b8310ba2971bc7028379d437f24a7e36c. Plugins ee-6.2.x EE GIT ID: ad507c092cd064e4ea48a3eadbd3b7e782d912d6. Guest user can not send a webform successfully when the seesion is invalidated and sessions can be extended for all users, include Guest user. 6.1.X EE Result: After 3 minutes, session expired message displays and then guest user send webform will redirect to the error page that says forbidden. After the Guest user session is invalidated, the Guest user cannot send a webform. Master Resuult: After 3 minutes, session expired message displays and then guest user can send webform but Liferay does not save any of his form data. Only refresh the page and then guest user can send a webform successfully. 6.2.X Result: After 3 minutes, session expired message displays and then guest user can send webform but Liferay does not save any of his form data. Only refresh the page and then guest user can send a webform successfully.
          Hide
          Jorge Ferrer added a comment -

          Just started reviewing :)

          Sent from GH.

          Show
          Jorge Ferrer added a comment - Just started reviewing :) Sent from GH .
          Hide
          Jorge Ferrer added a comment -

          Reopening because the original solution was wrong and has caused several regressions

          Show
          Jorge Ferrer added a comment - Reopening because the original solution was wrong and has caused several regressions
          Hide
          Lu Liu added a comment - - edited

          PASSED Manual Testing following the steps in the description.

          Reproduced on:
          Tomcat 7.0.42 + MySQL 5.5.21. Portal 6.1.20 EE GA2.

          After 3 mins there is no message saying the session has been invalidated and the Guest user is redirected to an error page that says forbidden.

          Fixed on:
          Tomcat 7.0.42 + MySQL 5.5.34. Portal master GIT ID: d5aa7c062f0b04bd3e272d252b3f20d5338765a0.
          Plugins master GIT ID: e3dc8c2af1f88440f5044509e1150fccabdf703f.
          Tomcat 7.0.40 + MySQL 5.5.21. Portal ee-6.1.x GIT ID: 67eb3f7f6b55c1a6f995858cabe43c08a48fef76.
          Plugins ee-6.1.x GIT ID: 48c6d80885af92ea540e8c8f27178a20fe1156d0.
          Tomcat 7.0.42 + MySQL 5.5.21. Portal ee-6.2.x EE GIT ID: 27cd3794f7d2d21d39f97943379e585c3af3ffc2.
          Plugins ee-6.2.x GIT ID: 329df0832763b0628bc38c184ba9ff632fd3160b.

          The Guest user is able to submit the web form immediately, and no session warning message displays for guest.

          Show
          Lu Liu added a comment - - edited PASSED Manual Testing following the steps in the description. Reproduced on: Tomcat 7.0.42 + MySQL 5.5.21. Portal 6.1.20 EE GA2. After 3 mins there is no message saying the session has been invalidated and the Guest user is redirected to an error page that says forbidden. Fixed on: Tomcat 7.0.42 + MySQL 5.5.34. Portal master GIT ID: d5aa7c062f0b04bd3e272d252b3f20d5338765a0. Plugins master GIT ID: e3dc8c2af1f88440f5044509e1150fccabdf703f. Tomcat 7.0.40 + MySQL 5.5.21. Portal ee-6.1.x GIT ID: 67eb3f7f6b55c1a6f995858cabe43c08a48fef76. Plugins ee-6.1.x GIT ID: 48c6d80885af92ea540e8c8f27178a20fe1156d0. Tomcat 7.0.42 + MySQL 5.5.21. Portal ee-6.2.x EE GIT ID: 27cd3794f7d2d21d39f97943379e585c3af3ffc2. Plugins ee-6.2.x GIT ID: 329df0832763b0628bc38c184ba9ff632fd3160b. The Guest user is able to submit the web form immediately, and no session warning message displays for guest.

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                1 year, 2 weeks, 3 days ago

                Development

                  Structure Helper Panel