Bug 6230 - Prevent "stealing" of connected session when using group accounts
Summary: Prevent "stealing" of connected session when using group accounts
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Client (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: LowPrio
Assignee: Pierre Ossman
Depends on:
Reported: 2017-04-11 08:15 CEST by Henrik Andersson
Modified: 2023-10-10 15:49 CEST (History)
2 users (show)

See Also:
Acceptance Criteria:


Description Henrik Andersson cendio 2017-04-11 08:15:58 CEST
Currently if one uses a group account, eg one user account for several physical users, users can steal sessions from each other. As per request in issue 22873, the solution would be that when a user connects to the ThinLinc cluster he will either reconnect to existing unconnected session or create a new session.
Comment 3 Pierre Ossman cendio 2018-10-02 13:36:06 CEST
Some clarification; the client does by default reconnect to an unconnected session. However it only does this if there is just _one_ disconnected session. If there are multiple then it queries the user, and the list will include all sessions and not just the disconnected ones.

The customer seems to want something more fool proof that avoids asking the user in any case, either picking _any_ disconnected session, or always creating a new one.

The user was happy with using MaxDisconnectTimeout though, so perhaps something akin to SunRay's kiosk mode would have been the ideal?

Note You need to log in before you can comment on or make changes to this bug.