Solved

Redirect session lost after 4 minutes

  • 18 July 2023
  • 4 replies
  • 117 views
M
Rank
Badge +1

If the user doesn't login within 4 minutes on the login screen, the redirect is lost and the user gets the “Indicium is running”-page. 

We have received multiple emails from confused users because the 'Indicium is running' page does not provide any further instructions on how to proceed.

 

Reproduction steps: 

  • From any app, go to the login-page
    • (This is a request with a redirect URL)
  • Stay on the page for longer than 4 minutes
  • Fill in the correct credentials

Expected flow: 

  • User is redirected to the redirect url that is provided with the initial request

Current flow: 

  • User is redirected to the root URL of the indicium and sees a page with “Indicium is running”

 

 

 

Additional technical information:

The cookie: “CookieTempDataProvider” has an expiration date of 4 minutes in the future. After that the cookie is lost and this is needed for the redirect URL.

 

 

 

Possible related issues: 

  •  

icon

Best answer by Vincent Doppenberg 6 December 2023, 11:26

View original

4 replies

V
Rank
Userlevel 6
Badge +4

Hello Martijn,

The cookie: “CookieTempDataProvider” has an expiration date of 4 minutes in the future. After that the cookie is lost and this is needed for the redirect URL.

This is indeed how it is configured right now. These TempData cookies are used to persist information during certain user processes that involve entering data in a form and/or redirects between such pages. Despite these cookies being deleted after use, we would prefer for these cookies to be rather short-lived, to avoid the risk of old, lingering cookies having an unexpected effect on a new user process. It was our estimation that 4 minutes would be a good amount of time to finish the log in process in.

Do you expect that 6, 8 or 10 minutes would be sufficient for your users to log in?

M
Rank
Badge +1

Hi Vincent, 

 

Thank you for your quick response! 

 

 

I understand your concern regarding the risk of old, lingering cookies. However, the issue lies in the resulting dead-end for the user flow. Users encounter a slightly confusing screen that restricts their ability to proceed, leaving them with limited options like typing in a new URL or using the browser's default functionalities to navigate back. In some cases, this confusion has led individuals to interpret the screen as a prompt to change their password.

 

Increasing the time would ofcourse help in some of the situations, but not for all cases. Also in regard to the related issues (I mentioned in my original post), it might be a solution to create a customizable page for this case. Check if there is still a cookie and otherwise redirect to the custom page. On the custom page we can explain to the user that the login process took to long and they have to retry it, via entering the URL of going back in the browser.

 

Ideally, it would be preferable to retain the redirect URL through methods such as query parameters. However, I understand that this may not be currently feasible.

 

Kind regards, 

 

Martijn 

 

V
Rank
Userlevel 6
Badge +4

Hello martijngaasbeek,

We have put this on our backlog and we will be looking into a few different approaches to solve this issue, as well as the related issues that you've linked. Our primary goal is to prevent Indicium from ever losing the redirect URL, but we will also consider something like a home URL which can be configured in the appsettings, which can serve as the default redirect URL and be displayed as a button.

I will keep you updated in this topic.

V
Rank
Userlevel 6
Badge +4

Hello @martijngaasbeek,

We have made a few changes that will prevent this issue from impacting the user experience.

  • The lifespan of the cookie has been increased to 10 minutes. This will make it quite unlikely that the cookie will expire during normal login flows.
  • We have added a configuration setting called ApplicationRedirectURL, which allows the configuration of a URL to, for example, the Universal GUI. Indicium will use this URL as the default redirect URL when the cookie has expired.
  • The same setting will also cause a button to be shown on the root page of Indicium. Should the user ever end up there, that button will take them back to that URL.

You can read about these changes in the release notes here.

Reply


Terms & ConditionsCookie settings