SPICE console token behavior potentially degrading user experience
Problem/Opportunity Statement
Exosphere exposes a link to an instance's SPICE/JS console, for example, on the instance's details page. Though I have not been able to consistently recreate the behavior, sometimes attempting to open the console will indefinitely present a window with a blank grey screen:
There seem to be two plausible circumstances under which this can happen:
- The SPICE console is very strict about enforcing that only one window can be visible at any given time. Attempting to open multiple tabs/windows, even with the same URL/token, usually results in the older window being greyed out and the newer window "stealing" the console. The logic may be more sophisticated, though, than "the newer window wins," so even repeated attempts to open the console through Exosphere yield only a grey screen.
- (This one seems more correct to me) By performing certain actions (or maybe even just leaving the instance details page open too long), the token embedded in Exosphere's "console" button's target URL can become expired/invalidated, meaning that no amount of attempts to open the console with that token/URL will yield results.
By forcing a hard-refresh of the instance details page (e.g. with ctrl+shift+r
on Windows or cmd+shift+r
on MacOS), it appears that you can force Exosphere to grab a fresh token, noticeable from the resulting browser tab's spice_auto.html?token=...
Forcing a refresh seems to be a reliable fix; however, it's not immediately obvious to users that this might be the case. Even if they suspect that the issue is with their browser, they are likely to simply copy the URL from their existing tab into a new browser or incognito window (which will not fix anything, since the token embedded there doesn't work).
What would success / a fix look like?
A relatively straightforward/elegant fix for this is only really possible if there exists a way to check the validity of a token with the console's backend service. If that is the case, then instead of the "console" button being a simple URL, it could perhaps execute some simple logic to check the validity of the token and, in the case that it's expired/invalid, request a new one before opening the console tab.
A more wasteful solution may be to simply generate/request a brand-new token every time the "console" button is pressed.
Remarks
The impact of this issue is comparatively very small; there is little reason for the vast majority of users to even touch the SPICE console in the first place. That said, it was noticed/observed by a Jetstream2 user and brought up as a concern in a support ticket, so for the sake of posterity I am attempting to document it with this issue.