cylc-uiserver icon indicating copy to clipboard operation
cylc-uiserver copied to clipboard
verified publisher icon cylc

WebSocket connection sends data after user has logged out

Open kinow opened this issue 5 years ago • 6 comments

Describe the bug

@dwsutherland reviewed https://github.com/cylc/cylc-uiserver/pull/124#pullrequestreview-457164367 and his comment raised an interesting point: what happens to the WebSocket connection after the user logs off?

The answer is that the WebSocket connection keeps sending data. Tested on both master and on that PR's branch. New connections will be blocked after that PR is merged. But the existing connection is never terminated.

Release version(s) and/or repository branch(es) affected?

master (and also using the UIS PR for websocket auth decorator).

Steps to reproduce the bug

Start Cylc 8 env, open the browser console, look under Network for WS connections. Leave it open. In another tab log out of JupyterHub.

Expected behavior

The messages are supposed to stop, probably a connection terminated or broken connection error for the WebSocket too.

Screenshots

image

Additional context

Pull requests welcome! This is an Open Source project - please consider contributing a bug fix yourself (please read CONTRIBUTING.md before starting any work though).

kinow avatar Jul 30 '20 00:07 kinow

The UI Server keeps running too. The singleuser-app (Notebook app running with JupyterHub) has the same behaviour.

The Notebook app also has a WebSocket connection. After you log out, you can still evaluate cells too, and the WebSocket gets the data. There's a "Forbidden" message added to the UI, but that doesn't stop requests.

image

kinow avatar Jul 30 '20 01:07 kinow

Is this more a UIServer issue, right? i.e. the UIS needs to close the connection after logout?

dwsutherland avatar Jul 30 '20 01:07 dwsutherland

Yeah, let me transfer that to the UIS @dwsutherland . And there is also a related issue in JupyterHub (which looks like I linked in another issue already, even though I have no recollection of doing so :rofl: )

https://github.com/jupyterhub/jupyterhub/issues/1780

kinow avatar Jul 30 '20 01:07 kinow

after the user logs off?

Is this after they have logged off from JupyterHub?

oliver-sanders avatar Aug 02 '21 14:08 oliver-sanders

Yes, if you have another tab open with a WebSockets connection, then that connection will keep receiving data, unless the UIS is shut down.

kinow avatar Aug 02 '21 21:08 kinow

Hmm, curious, I think this is ok, logging out of JupyterHub deactivates auto-authentication from your current browser session.

If you have logged out of JupyterHub your server is still running and still capable of doing things. Even if JupyterHub goes down your server is still fine, it just can't access authentication services to authenticate new sessions.

We could still have token-based auth (e.g. Cylc jobs communicating via the UIS) and open connections that had been previously authenticated.

Jupyter Lab wouldn't shut down your kernels in this situation but they could still be providing you with data even though you have logged out of JupyterHub.

oliver-sanders avatar Aug 03 '21 09:08 oliver-sanders