Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kibana doesn't redirect to correct page after session expiration #57113

Closed
jportner opened this issue Feb 7, 2020 · 2 comments · Fixed by #57157
Closed

Kibana doesn't redirect to correct page after session expiration #57113

jportner opened this issue Feb 7, 2020 · 2 comments · Fixed by #57157
Assignees
@jportner
Labels
bug Fixes for quality problems that affect the customer experience Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@jportner
Copy link
Contributor

jportner commented Feb 7, 2020

Kibana version: master

Describe the bug: When a user gets logged out from session expiration, their path is preserved in the URL's next query parameter. After the user logs in again, they should be redirected back to the previous page. This is not working properly; the user is simply landing on the /app/kibana page instead.

Steps to reproduce:

  1. Start Kibana with xpack.security.session.lifespan: 90000
  2. Log in and navigate to any app (such as a Dashboard)
  3. Wait for the session to expire
  4. Log in again

Expected behavior: The user should be redirected to the page they were previously on.

Screenshots (if relevant):

redirect-bug-lowfr
@jportner jportner added bug Fixes for quality problems that affect the customer experience Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! labels Feb 7, 2020
@jportner jportner self-assigned this Feb 7, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@jportner jportner mentioned this issue Feb 7, 2020
Merged
@jportner
Copy link
Contributor Author

jportner commented Feb 7, 2020

This is happening because the Security plugin code that creates the redirect URL (with next query param) is stripping the basePath out. Then when the login page's triggers parseNext, it fails to detect this as a valid path and redirects the user to the basePath as a failsafe.

@jportner jportner mentioned this issue Feb 7, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jportner jportner

Labels
bug Fixes for quality problems that affect the customer experience Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix login redirect for expired sessions jportner/kibana
2 participants
@jportner @elasticmachine