Bug 7846 - Terminating a session may accidentally abandon it
Summary: Terminating a session may accidentally abandon it
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: VSM Server (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: MediumPrio
Assignee: Bugzilla mail exporter
Depends on:
Reported: 2022-03-01 12:23 CET by William Sjöblom
Modified: 2022-03-01 13:04 CET (History)
0 users

See Also:
Acceptance Criteria:


Description William Sjöblom cendio 2022-03-01 12:23:45 CET
When adding the capability to terminate and abandon sessions to tlctl
(under bug 7833), we identified a race in the choice of abandoning or
terminating a session.

If an agent becomes unreachable in the time between that when the client
application requests the the list of sessions (or since the sessions
were last verified if the `get_sessions' RPC call did not have the
verify flag set) we run the risk of unconsciously abandoning a session
residing on that agent. This is because the choice between abandoning
and terminating is handled entierly on the client side based on the
session `status' field received from the server. On the server side,
abandon and terminate shares the same RPC call without any mean of
diffrentiating the two operations. Since abandoning sessions will leave
stray processes that are no longer kept track of by the master server,
this is less than optimal, especially in clusters where there are no
limits on session life-time given to Xvnc.

In this scenario, the button in the details view in the session list
will say "Terminate" instead of "Abandon" in webadm, even though
clicking it will result in the session being abandoned. In the native
client, the user will not be prompted before the session is abandoned.

Webadm does not verify the sessions in the session database, thus the
issue becomes more severe there as the data on which the
abandon/terminate choice is based on can be up to 10 minutes old (the
interval of automatic session verification). The native client on the
other hand does verify the relevant session(s) and will base the
abandon/terminate decision on more recent data.

Steps to reproduce

  1. Open the native ThinLinc client
  2. Connect to a server which allows more than 1 concurrent session
     which already has one or more sessions running for the selected
  3. When the session list dialog has popped up, stop the `vsmagent'
     service on the agent machine.
  4. Click "Terminate" with one of the sessions residing on the now dead
     agent selected
  5. The session will now be in an abandoned state, even though no
     warning dialog about abandoning was shown.

Note You need to log in before you can comment on or make changes to this bug.