[CORE-307] Fix internal key expiration date assigned when changing password Created: 25/May/18  Updated: 23/Jan/19  Resolved: 17/Jan/19

Status: Closed
Project: i2b2 Core Software
Component/s: None
Affects Version/s: 1.7.10
Fix Version/s: 1.7.11

Type: Bug Priority: Major
Reporter: Janice Donahoe Assignee: Reeta Metta
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Rank: 0|i003zb:

When a user successfully changes their password the system creates a new SESSION_ID but it is never used. The session_ID is never sent in any messages it is only filed in the table which is why it is referred to as "internal" in the title of this issue.

Normally the EXPIRED_DATE of a SESSION_ID is set for the same date and 30 minutes past the ENTRY_DATE. However when the password is changed and the new session started the EXPIRED_DATE is set to expire to about 57 years in the future instead of 30 minutes.

This only happens when changing the password. The Expired_Date is getting set correctly and expiring for all other scenarios.

Again, this SESSION_ID is never used and is never sent in any xml messages. The only way to see it is to query the table directly, in which case you would need the appropriate access to the i2b2 database.
Generated at Fri Aug 19 14:23:12 UTC 2022 using Jira 8.20.11#820011-sha1:0629dd8d260e3954ece49053e565d01dabe11609.