UI does not return to login / SSO token not renewed in certain UI areas when session expires
Summary
When navigating the GitLab UI, session/token expiration is handled inconsistently in certain areas of the UI. Where the user would expect either to be returned to the login page or to have the SSO token renewed, they are left on the current page with no evidence that the login session is no longer valid. This leads to a confusing user experience when performing queries etc., where the lack of data returned could be construed as a false negative.
Steps to reproduce
- Login/authenticate to GitLab
- Navigate to one of the following locations (where data is available):
  - <project>/-/pipelines
  - <project>/container_registry
  - <project>/-/packages
  - (likely any similar page)
- Perform a query, note the results
- Invalidate the session (e.g. via .../-/profile/active_sessions)
- Attempt a further query (note you are not returned to the login page)
It is not until you navigate away or refresh the page that it's clear the session has expired.
Example Project
Should be reproducible on GitLab.com/Self-managed with any project that has data
What is the current bug behavior?
Valid query results:
Invalidate the user's session (or SSO timeout etc.):
- Perform a further query:
Results are misleading. Similar in other UI areas.
What is the expected correct behavior?
When entering a new search/criteria and the user's session is no longer valid, the user should be returned to the login screen or the SSO token refreshed to ensure the results are complete and accurate:
Relevant logs and/or screenshots
Output of checks
Results of GitLab environment info
Reported on GitLab.com ZD Ticket (internal), reproduced on 15.2.3-ee Self-Managed.
Possible fixes
The simplest workaround is to refresh the page before performing a new search to be certain the session is current.
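The expected behavior above, sketched as a client-side check (an added example, not GitLab's code or part of the original report). It assumes that once the session is invalid the backend answers a background query with HTTP 401 or redirects it to a sign-in page; `SIGN_IN_PATH`, `classifyResponse` and `runQuery` are hypothetical names.

```javascript
// Assumed login route; adjust to the deployment.
const SIGN_IN_PATH = '/users/sign_in';

// Decide what a background query response means BEFORE rendering it.
// Input: { status, redirected, url, contentType } taken from a fetch Response.
function classifyResponse(res) {
  const type = (res.contentType || '').toLowerCase();
  // Explicit "not authenticated" answer from the backend.
  if (res.status === 401) return 'session_expired';
  // fetch() follows redirects silently; landing on the sign-in page
  // means the session is gone, not that the query matched nothing.
  if (res.redirected && res.url &&
      new URL(res.url).pathname.startsWith(SIGN_IN_PATH)) {
    return 'session_expired';
  }
  // Only an authenticated JSON answer may be rendered as results.
  if (res.status >= 200 && res.status < 300 && type.includes('json')) {
    return 'ok';
  }
  return 'error';
}

// Run a query; an expired session never becomes an empty result list.
async function runQuery(fetchImpl, url, onExpired) {
  const r = await fetchImpl(url, {
    headers: { Accept: 'application/json' },
    credentials: 'same-origin',
  });
  const verdict = classifyResponse({
    status: r.status,
    redirected: r.redirected,
    url: r.url,
    contentType: r.headers.get('content-type'),
  });
  if (verdict === 'session_expired') {
    onExpired(); // e.g. send the user to the login page / renew the SSO token
    return { verdict, items: null }; // null, not [], so the UI cannot show "no results"
  }
  if (verdict === 'error') throw new Error(`query failed: HTTP ${r.status}`);
  return { verdict, items: await r.json() };
}

// Constructed sample responses (not captured from a real instance).
const SAMPLES = {
  valid: { status: 200, redirected: false, url: 'https://gitlab.example/p/-/packages', contentType: 'application/json' },
  rejected: { status: 401, redirected: false, url: 'https://gitlab.example/p/-/packages', contentType: 'application/json' },
  bounced: { status: 200, redirected: true, url: 'https://gitlab.example/users/sign_in', contentType: 'text/html; charset=utf-8' },
};
```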