New session created after 1 minute or more of inactivity #204
Comments
|
Which version of the module are you on? |
|
Its 2.1.2 |
|
Could you send a debug log file of this event happening? Normally an XHR call should not result in a redirect that will never resolve. See also https://github.com/pingidentity/mod_auth_openidc/wiki/Cookies for hints around this. |
|
Debug log attached. Attachment All XHR calls has X-Requested-With in the header resulting 401 after new session is created |
|
can you try f2dd8f9 |
|
Thank you @zandbelt, it works like a charm, will run few more tests and confirm. |
|
I've tuned it a bit in a followup commit 20787d5 |
|
Thanks @zandbelt for the fix, last week I was trying to use your module in front of https://github.com/lmenezes/elasticsearch-kopf and experiencing the same issues as @anagan, I can also confirm that the uuid of the session inside the cookie remains unchanged now and it works like a charm. |
|
@askainet thanks for chiming in; I have released 2.1.3 with the fix: https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.3 |
|
Works perfectly, thanks @zandbelt! |
We have multiple chart widgets in our app, each making a XHR request to APIs to fetch data. These APIs are setup behind Apache and with Apache as reverse proxy. After authentication when page loads multiple XHR requests are sent from browser and initially everything works fine. After a minute or more has elapsed and when navigated to another page which has another set of widgets making XHR calls, only 1st or 2nd requests go through. It was observed 1st or 2nd XHR response gets a new session cookie with a new UUID value and old is invalidated. Since all XHR calls are almost made at same time some fail because old cookie was sent with XHR which is no longer available.
Since session cookie value(UUID) is used as a key for session data lookup, is it possible to preserve same session cookie value for the lifetime of the session?
The text was updated successfully, but these errors were encountered: