The only possible ways to achieve this: 1) incognito tabs (should work) 2) different browsers
I'm not aware of other ways to isolate browser session It is can be done on server But it will be HUGE changes :((( On Fri, 27 Mar 2020 at 22:16, Daniel Baker <[email protected]> wrote: > Would it not be beneficial to be able to have the user be able to > have access to different rooms at the same time without receiving an > error? > > > > On 27/03/2020 15:07, Maxim Solodovnik wrote: > > `open in same browser` > This is the question I have asked million times .... > multiple tabs/windows share _the same_ session > You can't be loggen in with different hashes and have same session > > once in ~30 seconds page ping back to refresh session > and you got "Access denied" > expected > > On Fri, 27 Mar 2020 at 21:54, Daniel Baker <[email protected]> > wrote: > >> Yes I can reproduce this. >> >> >> If I have 2 different rooms ( room 29 , 31 ) open in same browser >> invalid hash is shown. >> >> It also happens if I have 2 rooms the same ( 29, 29, ... ) >> >> >> It actually takes * some time, 30 seconds* or so for the Invalid >> hash error to show. >> >> >> Thanks, >> >> >> Dan >> On 27/03/2020 05:07, Maxim Solodovnik wrote: >> >> Well, >> >> just tested hashes >> This error is only observed in case multiple tabs are opened in the same >> browser >> >> Is this issue reproducible for you if there is only one user in the room? >> >> Can you test this behavior with latest M4 >> (new version of Moodle plugin will be required) >> >> On Thu, 26 Mar 2020 at 14:12, Maxim Solodovnik <[email protected]> >> wrote: >> >>> According to above access log >>> This URL >>> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1 >>> has been queried 2 times >>> First one was >>> >>> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1 >>> Second >>> >>> /openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1 >>> >>> Since secureHash is one-time hash here might be the issue >>> It is not clear why session was invalidated ..... >>> I'll try to perform more test tonight/tomorrow >>> >>> On Thu, 26 Mar 2020 at 13:49, Daniel Baker <[email protected]> >>> wrote: >>> >>>> No other OM logins. >>>> >>>> >>>> I actually titled this wrong, it is a REST call not SOAP. >>>> >>>> >>>> Thanks, >>>> >>>> >>>> Dan >>>> >>>> >>>> On 26/03/2020 00:27, Maxim Solodovnik wrote: >>>> >>>> is it possible OM was opened in second tab with active login? >>>> >>>> On Thu, 26 Mar 2020 at 04:15, Daniel Baker <[email protected]> >>>> wrote: >>>> >>>>> Not sure why I am getting this during entering of a room : >>>>> >>>>> >>>>> I get invalid hash / Access denied show in the browser: >>>>> >>>>> >>>>> [image: image] >>>>> >>>>> >>>>> The url looks like this which seems correct to my understanding : >>>>> >>>>> >>>>> tail -f localhost_access_log.2020-03-25 >>>>> >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +0000] "GET >>>>> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1" >>>>> 200 96 >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:27 +0000] "POST >>>>> /openmeetings/services/user/hash?&sid=973f7132-39f7-47d0-b614-7845c4ed0411 >>>>> HTTP/1.1" 200 96 >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "GET >>>>> /openmeetings/hash?&secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1 >>>>> HTTP/1.1" 200 7231 >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "GET >>>>> /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 - >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "GET >>>>> /openmeetings/css/theme.css HTTP/1.1" 304 - >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "GET >>>>> /openmeetings/css/custom.css HTTP/1.1" 304 - >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "-" 400 - >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:28 +0000] "-" 400 - >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +0000] "GET >>>>> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1" >>>>> 200 96 >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:29 +0000] "GET >>>>> /openmeetings/services/room/32?&sid=25d019cb-728c-4c7e-a88e-88910b3eae51 >>>>> HTTP/1.1" 200 444 >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +0000] "GET >>>>> /openmeetings/services/user/login?&user=admin&pass=PASSWORD%40 HTTP/1.1" >>>>> 200 96 >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:30 +0000] "POST >>>>> /openmeetings/services/user/hash?&sid=bd8227ad-88d1-41ba-b4ce-69239844e5a1 >>>>> HTTP/1.1" 200 96 >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +0000] "GET >>>>> **/openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?0-1.0 >>>>> *-access~denied*&secure=9c271470-cfaa-4e95-9d64-**9210b9e4a7cc&language=1&_=1585164268523 >>>>> HTTP/1.1" 200 180 >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:32 +0000] "GET >>>>> /openmeetings/hash;jsessionid=CE0DC1A368404F8AFDCE934313E81C96?secure=9c271470-cfaa-4e95-9d64-9210b9e4a7cc&language=1 >>>>> HTTP/1.1" 200 7328 >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +0000] "-" 400 - >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +0000] "-" 400 - >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +0000] "-" 400 - >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +0000] "GET >>>>> /openmeetings/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initializer/kendo.default.mobile.min-ver-70A144DCABA4386C973AE2446CA25F3D.css >>>>> HTTP/1.1" 200 111339 >>>>> XX.XXX.XXX.XXX - - [25/Mar/2020:19:24:33 +0000] "GET >>>>> /openmeetings/css/theme_om/jquery-ui.min.css HTTP/1.1" 304 - >>>>> >>>>> >>>>> >>>>> OM Version : >>>>> >>>>> >>>>> Name OpenMeetings Version5.0.0-M3 Revisionb739f87 Build >>>>> date2019-12-11T11:42:09Z >>>>> >>>>> >>>>> I can see access denied in the log so that pinpoints it somewhat. >>>>> Is there a way to see my SOAP call is correct or a verbose logging >>>>> mode ? >>>>> >>>>> Thanks, >>>>> >>>>> Dan >>>>> >>>> >>>> >>>> -- >>>> WBR >>>> Maxim aka solomax >>>> >>>> >>> >>> -- >>> WBR >>> Maxim aka solomax >>> >> >> >> -- >> WBR >> Maxim aka solomax >> >> > > -- > WBR > Maxim aka solomax > > -- WBR Maxim aka solomax
