pupcloud
Browser shares the cookies among all the open sessions to that general address
A few days ago I made an expiring share in latest beta pupcloud on Docker.
(date just for example, actual date was earlier)
But it never seems to expire............
Did I do something wrong? Not enabled in this version? Is my memory of setting the share to expire wrong (could be)?
Can someone check it?
EDIT: I actually got a "Link Expired" message, but then was able to login and continue........ I did not clean the browser cache in between.
Copied the url to a new browser. And now I cannot login anymore with "Link expired".
After logout I cannot log in anymore. That's OK. .... and I can login again.......???
So just as long as you do not logout and keep your browser open ....... Let's test some more!
Thanks! But sorry, I can't follow you:
- if you log out, can you log in with an expired link or not?
- when a link expires and the browser window is open, does it log you out or not?
I tested this behaviour for some time, but it's quite difficult to test properly, at midnight I'm generally in another world (I know, I know, I am getting old it seems). So any pointer here on what to test will be precious.
I wrote this post late at night and incrementally. Let me take a more structured approach now.
Question: Does a share expire at midnight on the date picked or after the day? For example: date to expire 25th May. Does it expire on midnight between 24th and 25th or between 25th and 26th?
Issue: pupcloud is latest beta docker
In a browser I have 2 tabs:
- share user John that does not expire
- share user James that does expire (if url copied to other browser it works as expected)
- After docker has been stopped (for the night) and restarted:
  1 - if I log in on "James" I get "link expired" (OK)
  2 - if I then login on "John" I can login after "wrong password invalid address". I expect this.
  3 - if I then login into "James" I can login (?) No more "Link Expired".
  4 - If I copy both shares into another (private, no cookies) browser I see the same behaviour.
This all works as long as the browser is open or I have the links.
After some more testing: James logs in on the John session (url says "James").
I know this is a very fringe case. And this is not actually a (big) security risk.
Maybe not, but it's very wrong. I'll look into it. Thanks!
After some more testing: James logs in on the John session (url says "James").
How can you see that? Does James visualize John's files?
I (test) share other files (directories) with John and James. So I know who is John and who is James.
And it says so in the url.

If the James session is expired he can login on the John session if they use the same browser and John session is open in that browser.
Ouch, that's why. It seems the browser shares the cookies among all the open sessions to that general address. So this is not particularly related to expiration, is it? If you agree, could you kindly change the subject so that we can properly track the issue? I'll think about a possible solution. Maybe putting the profile in the cookie is a way.
Done.
Taking a well earned vacation? ;-)
Taking a well earned vacation? ;-)
You're perfectly right, in the last months I've been busy in a thousand things, and I don't have the necessary focus. If things don't change in the near future, I'll declare a suspension of the project, to set expectations for people 🙁 Although I wouldn't want to. Sorry.
No problem!
Life comes first.
pupcloud is already OK as it is.
We’ll see you back when you find the necessary focus.
Just to confirm I hit the same issue when coming to deploy Pupcloud. Hopefully you won't suspend the project as it is a nice alternative to Filebrowser (I have offered both to users for one share, and some prefer Pupcloud over Filebrowser).
Do you even have an estimate of when you might be back and possibly in a position to look at the issue? Absolutely not pressing the situation, but if you know it is "unlikely" I can cancel the planned roll-out or manage expectations accordingly.
I am hoping, based on my own experiences, a few nice UI change requests, and a browse of issues, that Pupcloud is already quite established so it shouldn't be a problem child for you going forward.
Do you even have an estimate of when you might be back and possibly in a position to look at the issue?
Hi! I'm currently travelling through Malaysia, and I'm trying to dedicate some time to it. Today I'll have some time, and hopefully in the next days. Anyway, this is just how browsers work, so any solution is a workaround. I may be able to put the session in the URL (that isn't shared among the tabs) and propagate it, but it's a fragile solution, there are many points that modify the URL and I'd need to keep all of them into account.
How much is this actually a problem? I mean: is it a common usage pattern to open several pup sessions in different tabs?
Thanks!
@marioscube @DarrenPIngram could you kindly test the version I compiled at this address? It should fix, but I don't know if I caught all the WS calls, so it's a lot better to have testing, if you're so kind.
What I did is to avoid using cookies and use the session storage, which should not be shared between tabs. It's sort of non-standard, I actually switched to cookies because it was the right way to do session management; but there's this problem about tabs, so... back to session storage.
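The behaviour discussed in this thread, modelled as an added example (not pupcloud code and not posted by any participant): one origin-wide cookie jar versus per-tab session storage, with a server check that ignores the share named in the URL beside one that binds the token to it. All names (`login`, `authorizeWeak`, `authorizeBound`, `Browser`) and the token format are assumptions made for illustration.

```javascript
// Added illustration; not pupcloud code. All names are hypothetical.
// Server side: sessions are issued per share profile, each with its own expiry.
const sessions = new Map(); // token -> { profile, expiresAt }

function login(profile, expiresAt, now) {
  if (expiresAt !== null && now >= expiresAt) return null; // "Link expired"
  // Constructed, predictable token for the demo; a real one must be random.
  const token = `tok-${profile}-${sessions.size}`;
  sessions.set(token, { profile, expiresAt });
  return token;
}

// Weak check: any live token is accepted, whatever share the URL names.
function authorizeWeak(urlProfile, token) {
  return sessions.has(token);
}

// Bound check: the token must belong to the profile in the URL and be unexpired.
function authorizeBound(urlProfile, token, now) {
  const s = sessions.get(token);
  if (!s || s.profile !== urlProfile) return false;
  return s.expiresAt === null || now < s.expiresAt;
}

// Browser side: cookies are one store per origin; sessionStorage is per tab.
class Browser {
  constructor() { this.cookieJar = {}; }
  openTab(urlProfile) {
    return { urlProfile, sessionStorage: {}, cookies: this.cookieJar };
  }
}

function scenario() {
  const now = 1000;
  const browser = new Browser();
  const john = browser.openTab("John");
  const james = browser.openTab("James");
  const johnTok = login("John", null, now);  // John's share never expires
  const jamesTok = login("James", 500, now); // expired at t=500, so null
  john.cookies.session = johnTok;        // cookie model: visible to every tab
  john.sessionStorage.session = johnTok; // storage model: John's tab only
  return {
    jamesTok,
    cookieWeak: authorizeWeak(james.urlProfile, james.cookies.session),
    cookieBound: authorizeBound(james.urlProfile, james.cookies.session, now),
    storageWeak: authorizeWeak(james.urlProfile, james.sessionStorage.session),
  };
}
```

In this model the James tab is only admitted when the shared cookie meets the weak check; either moving the token to per-tab storage or binding it to the profile on the server closes that path.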
I like your remote workplace! Enjoy it ;-)
I will try to test later today or tomorrow.
😂there are worse offices indeed! Take your time, and thanks!
Initial testing of this beta version has yielded positive results, with two separate shares (from different points in a master directory) sharing "correctly".
e.g. share /path/dir/dir1 and /path/dir/dir2 working when share is made from /path/dir level to two different shares with different passwords.
Thank you for working hard from your mobile office!
On Sun, 31 Jul 2022 at 09:52, Germano Rizzo @.***> wrote:
😂there are worse offices indeed! Take your time, and thanks!
"How much is this actually a problem? I mean: is it a common usage pattern to open several pup sessions in different tabs?" Even though you fixed it, I will comment. For me it can be an issue (I also use Filebrowser) and share a number of different, err, shares. In the Pupcloud case, if you had accessed share 1 and then had share2 to visit, using share2's link you'd (then get) share1 and that could confuse. There are reasons why the full "directory" could not be shared, think six sub dirs from "master" but you may only want to share 3 of them and not to the same groups.
On Sat, 30 Jul 2022 at 05:37, Germano Rizzo @.***> wrote:
Do you even have an estimate of when you might be back and possibly in a position to look at the issue?
Hi! I'm currently travelling through Malaysia, and I'm trying to dedicate some time to it. Today I'll have some time, and hopefully in the next days. Anyway, this is just how browsers work, so any solution is a workaround. I may be able to put the session in the URL (that isn't shared among the tabs) and propagate it, but it's a fragile solution, there are many points that modify the URL and I'd need to keep all of them into account.
How much is this actually a problem? I mean: is it a common usage pattern to open several pup sessions in different tabs?
Thanks!
@proofrock I think the issue has been resolved. Everything behaves as I expect it to. I will test some more in the coming week (waiting for expiry dates) but if I do not report back, then the issue can be closed if it's up to me.
Just further enjoy your stay in south-east Asia.
Thanks to the both of you. If I don't get any red flag in a week, I'll publish a new version. Have a good day!