User Session Verification When Saving a File

[Anthony Brian Mallgren]

As some context, I have a very small budget at the moment, so much so that purchasing an SSL Certificate is nearly out of the question. Thus, I am using the builtin editor and the SSL Certificate that GoDaddy provides to perform development tasks, via Plesk. It would seem to me that this is a fairly common scenario, especially when building proof of concept ideas.

Here is the issue. When I attempt to save a file and the user session has expired, the application seems to clear the page state, redirects the user to a login form, then sends the user to a landing page. This puts the user at risk for losing changes unless additional measures are taken.

This seems like a bug to me.

Are there any known fixes, or perhaps at least some method to mitigate this issue?

 

[vlikhtanskiy]

Hello,

The only thing I can advice is to increase session idle time: Tools & Settings > Session Idle Time

 

[UFHH01]

Hi Anthony Brian Mallgren,

As some context, I have a very small budget at the moment, so much so that purchasing an SSL Certificate is nearly out of the question.

Get some free certificates from startssl.com. There are no free wildcard - certificates from them, but you can have as many Class 1 certificates for each subdomain as you want. ( servername.domain.com = Plesk Control Panel / www.domain.com = domain certificate / mail.domain.com = MTA certificate ( or separate them to imap. / pop3. / mail. ) / webmail.domain.com = webmail certificate / ftp.domain.com = FTP certificate ..... just be creative ^^ ). As long as you don't use shop/buy/bank/ ... or similar words in your domain-name, the Class 1 certificates are always free and last 1 year each. Read the terms from startssl for more informations. In addition, you can secure each of your eMail - accounts with a certificate for free.

 

[Anthony Brian Mallgren]

Hello,

The only thing I can advice is to increase session idle time: Tools & Settings > Session Idle Time

Are these instructions for the GoDaddy user interface?

 

[UFHH01]

Hi Anthony Brian Mallgren,

to see the mentioned "Tools & Settings > Session Idle Time" ( and other server administration options at "Tools & Settings" ), please use the "Service Provider view".

Interface Views ( online documentation: Administrator's Guide, Plesk 12.0 )

​

 

[Anthony Brian Mallgren]

Hi Anthony Brian Mallgren,

to see the mentioned "Tools & Settings > Session Idle Time" ( and other server administration options at "Tools & Settings" ), please use the "Service Provider view".

Interface Views ( online documentation: Administrator's Guide, Plesk 12.0 )

​

I, don't quite understand. To quote the documentation:

You can change the Plesk view any time from Tools & Settings > Interface Management.

So, it seems, with these instructions, to see the mentioned "Tools & Settings > Session Idle Time", I would need to change the view, seemingly from Tools & Settings > Interface Management.

Can you confirm?

 

[UFHH01]

Hi Anthony Brian Mallgren,

I should have ask in the first place: Are you logged in as admin/reseller or customer?

 

[Anthony Brian Mallgren]

Hi Anthony Brian Mallgren,

I should have ask in the first place: Are you logged in as admin/reseller or customer?

Customer, I believe.

 

[UFHH01]

Hi Anthony Brian Mallgren,

sorry.... the server administration tools are only available for admins, as described in the documentations. Please contact your administrator, if you would like some changes regarding the Ide-Times.

 

[Anthony Brian Mallgren]

Hi Anthony Brian Mallgren,



Get some free certificates from startssl.com. There are no free wildcard - certificates from them, but you can have as many Class 1 certificates for each subdomain as you want. ( servername.domain.com = Plesk Control Panel / www.domain.com = domain certificate / mail.domain.com = MTA certificate ( or separate them to imap. / pop3. / mail. ) / webmail.domain.com = webmail certificate / ftp.domain.com = FTP certificate ..... just be creative ^^ ). As long as you don't use shop/buy/bank/ ... or similar words in your domain-name, the Class 1 certificates are always free and last 1 year each. Read the terms from startssl for more informations. In addition, you can secure each of your eMail - accounts with a certificate for free.

A bit too ironic for me.

 

[UFHH01]

Hi Anthony Brian Mallgren,

well Anthony... please fix your connection issues, because I never experienced such issues, or try to tweak your browser correctly. It is always a good idea to use different browsers as well, to investigate, if the root cause of any problem is not the own PC, its software ( anti-virus - protection? ) or it's connection, or firewall. Maybe it's time as well for some googling, if you experience issues, because this forum is a Plesk related - forum.

 

[Anthony Brian Mallgren]

Hi Anthony Brian Mallgren,

well Anthony... please fix your connection issues, because I never experienced such issues, or try to tweak your browser correctly. It is always a good idea to use different browsers as well, to investigate, if the root cause of any problem is not the own PC, its software ( anti-virus - protection? ) or it's connection, or firewall. Maybe it's time as well for some googling, if you experience issues, because this forum is a Plesk related - forum.

Yes, you are probably correct; it is most likely a Google related issue, not Plesk.

 

[UFHH01]

Hi Anthony Brian Mallgren,

eeehm...

Yes, you are probably correct; it is most likely a Google related issue, not Plesk.

How do you expect authorization, if you don't use a valid certificate for StartSSL.com? Please don't misunderstand me, but StartSSL.com and it's products and services are not part of Plesk, that's why I mentioned, that you should USE Google search, in order to get some answers to your issue, while trying to open the URL "https://auth.startssl.com" .

 

[Anthony Brian Mallgren]

Hi Anthony Brian Mallgren,

eeehm...

How do you expect authorization, if you don't use a valid certificate for StartSSL.com? Please don't misunderstand me, but StartSSL.com and it's products and services are not part of Plesk, that's why I mentioned, that you should USE Google search, in order to get some answers to your issue, while trying to open the URL "https://auth.startssl.com" .

It seems as though Plesk is attempting to offer a solution for low budget projects that includes a secure environment, on which, development may be performed (at least when delivered through GoDaddy). I am attempting to perform development within that secure environment and running into issues. This is becoming a proven scenario. RedHat OpenShift has an SSL solution for development, for free, but it seems as though the URL configuration, even for custom domains, is a bit awkward (as far as I'm able to tell). StartSSL was suggested as a workaround, perhaps temporary, while Plesk furthers the offering of the solution it has produced and, seemingly, sold. The website itself seems to present problems, on different computers, on different networks.

Here is my question: Given that Plesk was sold as a hosting solution, for under $10 a month, is there a manner in which development may be performed that does not compromise the ongoing security of the website?

Mind you, there is no sensitive data in the end user implementation and scenario. I am simply asking from a hosting/deployment/development perspective.

In the state that Plesk is in, at least on GoDaddy, from what I have experienced, it seems to be an unreasonable solution for hosting, as presented and sold.

 

[UFHH01]

Hi Anthony Brian Mallgren,

maybe these statements from Odin will help you to understand, that Odin is no web- or server - hoster:

__________________________________________________________________________________________

Website Owner
Do you have a website hosted on the Internet? Website hosting service providers use Plesk software to help them manage their servers.

Odin does not host any websites or provide website hosting service.

For questions about your website or website hosting service, you should contact your service provider

Find your service provider

__________________________________________________________________________________________

Server Owner / Administrator
Do you use Plesk software to help you manage your server? Server hosting providers offer Plesk software to help server administrators manage their servers.

Odin does not provide any server hosting service.

For questions about your website or hosting service, you should contact your service provider.

If you purchased your Plesk license from a server provider, we recommend contacting them first for support.

To continue with opening a ticket with Odin, click here:

__________________________________________________________________________________________

Further informations ( and working links ) can be viewed at: http://www.odin.com/support/plesk-suite/partner-storefront/​

 

[Anthony Brian Mallgren]

Hi Anthony Brian Mallgren,

maybe these statements from Odin will help you to understand, that Odin is no web- or server - hoster:

__________________________________________________________________________________________

Website Owner
Do you have a website hosted on the Internet? Website hosting service providers use Plesk software to help them manage their servers.

Odin does not host any websites or provide website hosting service.

For questions about your website or website hosting service, you should contact your service provider

Find your service provider

__________________________________________________________________________________________

Server Owner / Administrator
Do you use Plesk software to help you manage your server? Server hosting providers offer Plesk software to help server administrators manage their servers.

Odin does not provide any server hosting service.

For questions about your website or hosting service, you should contact your service provider.

If you purchased your Plesk license from a server provider, we recommend contacting them first for support.

To continue with opening a ticket with Odin, click here:

__________________________________________________________________________________________

Further informations ( and working links ) can be viewed at: http://www.odin.com/support/plesk-suite/partner-storefront/​

Which I interpret as, if you would like to do business with someone whom is not afraid to take accountability, nor attempts to shed their duty, you are being directed to Microsoft Corporation, as we are not to be held responsible for the quality of our products, relative to their offerings.

Perhaps Odin should not have over extended themselves, and perhaps the hosting providers would not have offered malfunctioning solutions, then I wouldn't be dealing with people pointing fingers at each other in regards to the quality of the end user offering.

 

[UFHH01]

Hi Anthony Brian Mallgren,

Which I interpret as, if you would like to do business with someone whom is not afraid to take accountability, nor attempts to shed their duty, you are being directed to Microsoft Corporation, as we are not to be held responsible for the quality of our products, relative to their offerings.

Feel free to interpret anything you would like to, but I doubt that such interpretations are helpfull for anyone or anything, because they are just misleading.
In my personal opinion a server administrator, or website hoster should first investigate issues, before making false statements like "offered malfunctioning solutions", because as far that I investigated all your threads and posts with possible issues, I can say, that all the issues are caused by misconfigurations, which are not done by Plesk, sometimes they even have got nothing to do with Plesk at all, which leads to the fact, that you should consider to hire a server administrator who solves your issues. Don't get this wrong, but Plesk software doesn't replace a server administrator, it just makes it easier to administrate a server or a website, some basic work has still to be done by a person with some basic server administration skills, to avoid issues and problems.

 

[Anthony Brian Mallgren]

I was providing product feedback, up until the disclaimer stating that Odin directs you to your provider for any hosting related issues and you should first contact the person or organization that provided you with Plesk. I'm not sure how else to interpret what you said, nor what could be said that would be helpful. Yes, somewhere between the Operating System and the User, there sits some software, of which Odin is seemingly not liable for the end user experience (as, they, themselves, seemingly do not use their own product). That is basically what I said. So, as far as hosting providers go that produce operating systems, there are few. So if the principle of accountability falls upon those people, as far as end users go, Plesk is basically useless.

 

[Anthony Brian Mallgren]

Could someone at least explain the product architecture decision of not verifying an active user session before clearing the state of the page for the following scenarios?

• Using a modal dialog to login, if found without an active user session.
• Carrying a persistent page model through to the re-authentication request, then utilizing a callback, containing that information.
• Utilizing a client side persistence model that is synchronized, and perhaps purged, as events take place.

Or other possible scenarios that wouldn't involve trashing user data when user sessions expire?