Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-66292

Jenkins sessions with GitHub OAuth time out quickly, breaking usability

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Component/s: github-oauth-plugin
    • Labels:
      None
    • Environment:
      Jenkins core 2.289.2, GitHub Authentication plugin 0.33, GitHub API Plugin 1.123
    • Similar Issues:

      Description

      I have a Jenkins instance set up with GitHub authentication, and "per se" it works... for a short while after I click the Jenkins "log in" button.

      Within a few hours (did not clock it reliably, but under 8hr; by some accounts may be as short as 1-2hrs) the session quietly becomes invalid, so any activity like clicking a POST button that needs a session (e.g. Refresh in the $JENKINS_URL/computers page, or RUN in a Replayed pipeline opened and edited earlier) is doomed to fail, forget my request, and lead me to a page that offers to log in again. The latter example is most prominently annoying, since the edited replayed pipeline contents get lost, and while setting up this CI farm with its complicated workflows, the running time of an experimental build iteration can be enough to time out the session.

      Also that seems to happen for every open tab in the browser, so provisionally logging in on another timed-out page does not make my sessions valid again in the other tabs. I suppose "crumbs" protection plays a role here, so when I click some button for the authenticated action in the page whose HTML contents were fetched and remembered by browser a few hours ago, those include (and re-POST) a token that is not valid anymore. Setting up the "proxy-friendly" less secure crumbs checkbox did not help however. At least, the error typically looks like:

      HTTP ERROR 403 No valid crumb was included in the request

      URI: /job/nut/job/nut/job/master/lastBuild/replay/run
      STATUS: 403
      MESSAGE: No valid crumb was included in the request
      SERVLET: Stapler

      Powered by Jetty:// 9.4.41.v20210516

       

      If it would be possible to configure the timeouts, or just set them longer (say at least 24-30 hours, to survive some daily employee routine that would refresh the session), it would already help a lot

      I am not sure whether a "bug" or "improvement" classification fits better here. I went for "bug" since this authentication workflow breaks compromises the practical usability of the Jenkins instance... but in short term after a log in, it does work decently.

        Attachments

          Activity

          There are no comments yet on this issue.

            People

            Assignee:
            sag47 Sam Gleske
            Reporter:
            jimklimov Jim Klimov
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: