User cannot log in after fixed session timeout expired

Description

Note: fixed session timeout value can be viewed and updated in the Keycloak admin interface:

  • Select a tenant

  • "Realm settings" → "Sessions" → "Client Session Max" (e.g., you can set it to a lower value, such as 2 minutes)

Steps to reproduce:

  1. Log in to the evrk2 environment as an admin user

  2. Open any application page, for example:

    • "Settings" → "Tenant"

  3. Wait until fixed session timeout expires (see Preconditions) - user is logged out and redirected to login page

  4. Log in as the same user

Expected result:

  • The same application page as was opened before logout is opened

Actual result:

  • Welcome page is shown for a brief time. Then user is redirected back to login page

Additional info:

  • See screencast with example:

 

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Attachments

4

Activity

Yauhen Viazau August 9, 2024 at 8:28 AM

Re-tested on evrk2 - logout works as expected

User is logged out when the fixed session timeout expires and redirected to login page. See example:

If a user is logging back in, they are not redirected to the original page. There is a separate ticket for that -

Yauhen Viazau August 5, 2024 at 8:03 AM
Edited

Re-tested on evrk2 - issue remains

Issue reported in my last comment remains. Tried with 2, 10, 15, 20 min fixed session timeout values (including a case when it is less than access token lifespan).

A user is being automatically re-logged in after the fixed session timeout expires, without ever seeing the login screen. See example:

/ - please review. Please also clarify if there are rules for other timeout values compared to the fixed session timeout that should be followed when testing (e.g., this timeout should be higher/lower than certain other timeouts)

Ryan Berger August 2, 2024 at 7:37 PM

No longer reproducible on evrk2. Please retest.

Yauhen Viazau July 29, 2024 at 1:32 PM

Tested on evrk2 - issue found

A user is being automatically re-logged in after the fixed session timeout expires, without ever seeing the login screen. See example:

- please review

Done

Development Team

Eureka

RCA Group

Implementation coding issue

Created July 25, 2024 at 12:16 PM
Updated December 5, 2024 at 8:51 PM
Resolved August 9, 2024 at 2:23 PM