-
Notifications
You must be signed in to change notification settings - Fork 323
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New session created after 1 minute or more of inactivity #204
Comments
Which version of the module are you on? |
Its 2.1.2 |
Could you send a debug log file of this event happening? Normally an XHR call should not result in a redirect that will never resolve. See also https://github.com/pingidentity/mod_auth_openidc/wiki/Cookies for hints around this. |
Debug log attached. Attachment All XHR calls has X-Requested-With in the header resulting 401 after new session is created |
can you try f2dd8f9 |
Thank you @zandbelt, it works like a charm, will run few more tests and confirm. |
I've tuned it a bit in a followup commit 20787d5 |
Thanks @zandbelt for the fix, last week I was trying to use your module in front of https://github.com/lmenezes/elasticsearch-kopf and experiencing the same issues as @anagan, I can also confirm that the uuid of the session inside the cookie remains unchanged now and it works like a charm. |
@askainet thanks for chiming in; I have released 2.1.3 with the fix: https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.3 |
Works perfectly, thanks @zandbelt! |
We have multiple chart widgets in our app, each making a XHR request to APIs to fetch data. These APIs are setup behind Apache and with Apache as reverse proxy. After authentication when page loads multiple XHR requests are sent from browser and initially everything works fine. After a minute or more has elapsed and when navigated to another page which has another set of widgets making XHR calls, only 1st or 2nd requests go through. It was observed 1st or 2nd XHR response gets a new session cookie with a new UUID value and old is invalidated. Since all XHR calls are almost made at same time some fail because old cookie was sent with XHR which is no longer available.
Since session cookie value(UUID) is used as a key for session data lookup, is it possible to preserve same session cookie value for the lifetime of the session?
The text was updated successfully, but these errors were encountered: