Skip to content

fix an issue expired app session won't redirect to login on DynamoDB backend#53238

Merged
greedy52 merged 3 commits intomasterfrom
STeve/53091_fix_expired_app_session
Mar 31, 2025
Merged

fix an issue expired app session won't redirect to login on DynamoDB backend#53238
greedy52 merged 3 commits intomasterfrom
STeve/53091_fix_expired_app_session

Conversation

@greedy52
Copy link
Copy Markdown
Contributor

@greedy52 greedy52 commented Mar 20, 2025
edited
Loading

fixes #53091:

changelog: fix an issue expired app session won't redirect to login page when Teleport is using DynamoDB backend

related:

App session object may still be retrievable after it expires with DynamoDB backend. Old ttlmap will cause authenticate to fail as it won't create a new session when TTL is negative. However, this is not the case with FnCache replacement. Instead of fixing the AccessPoint cache or the local FnCache, this quick fix adds an explicit check on app session's Expiry. Better solution should be explored to fix the general issue but i would like to deliver this quick fix now.

@greedy52 greedy52 self-assigned this Mar 20, 2025
@greedy52 greedy52 force-pushed the STeve/53091_fix_expired_app_session branch from 114ae8f to f426020 Compare March 20, 2025 18:07
@greedy52 greedy52 mentioned this pull request Mar 20, 2025
Merged
@greedy52 greedy52 requested a review from gabrielcorado March 20, 2025 19:14
@greedy52 greedy52 marked this pull request as ready for review March 20, 2025 19:15
@github-actions github-actions Bot requested a review from bernardjkim March 20, 2025 19:15
@github-actions github-actions Bot requested a review from timothyb89 March 20, 2025 19:15
bernardjkim
bernardjkim approved these changes Mar 21, 2025
View reviewed changes
Comment thread lib/web/app/handler_test.go
server.StartTLS()
t.Cleanup(func() {
// Close fake remote site first to make sure fake listener quits.
fakeRemoteSite.Close()
Copy link
Copy Markdown
Contributor

@bernardjkim bernardjkim Mar 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we still require that Close does not return an error?

espadolini
espadolini reviewed Mar 24, 2025
View reviewed changes
Comment thread lib/web/app/handler.go Outdated
@greedy52 greedy52 requested a review from espadolini March 26, 2025 13:45
@greedy52 greedy52 added this pull request to the merge queue Mar 31, 2025
Merged via the queue into master with commit 93962e1 Mar 31, 2025
40 checks passed
@greedy52 greedy52 deleted the STeve/53091_fix_expired_app_session branch March 31, 2025 13:50
@backport-bot-workflows
Copy link
Copy Markdown
Contributor

backport-bot-workflows Bot commented Mar 31, 2025

@greedy52 See the table below for backport results.

Branch Result
branch/v17 Create PR

@greedy52 greedy52 mentioned this pull request Mar 31, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@espadolini espadolini espadolini approved these changes

@bernardjkim bernardjkim bernardjkim approved these changes

Assignees

@greedy52 greedy52

Labels

backport/branch/v17 size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Expired client certificates for application access not prompting re-authentication

3 participants

@greedy52 @espadolini @bernardjkim