Network error once session is expired


#1

Hi guys,

Some users tend to keep Discourse opened for weeks/months. Unfortunately, users get a “network error” when they are trying to browse the forum with an expired session.

I can easily reproduce this behavior by setting the session expiry time to 1 hour, wait 1 hour and try to open my profile or a topic… Eventually i would get this network error issue.

From my perspective, we should redirect the users to the login/sso page when their session is expired. Is there anyway to achieve that?

Thank,
Seb


(Jeff Atwood) #7

Sorry for the noise, let’s start over here.

How long are they keeping the browser open, exactly, and on which page? The browser pings us periodically so it should stay alive pretty much forever.

If you don’t want sessions to expire, then why did you change the setting from its default of 1440 hours (that’s 60 days) to one hour?

Are you really telling us that you expect your users to keep the browser open for more than 60 days?


#11

Hi,

Thank you for your answer. My beloved users never restart their computer and tend to have tons of tabs loaded. They keep the main page opened and then from time to time, they open topics/their profile… I don’t expect/want them to keep it opened but that’s what they are doing… When I tell them to close all tabs they answer me “no because then I will have to login again” :smile:

I would expect users to be redirected to the login/sso page once their session expires.


(Jeff Atwood) #12

Sure @falco had an idea to follow up here but did not post it in public for some reason. Perhaps he should? :wink:


(Rafael dos Santos Silva) #13

I had this exact same problem. That was one of the reasons I did the PR for a shorter session in the first place.

When the session cookies expires Discourse get’s crazy. A public topic will get loaded, but timings, notifications and everything will start to fail silently and will eventually break.

Ideally we would have a exception treatment in our Discourse.ajax function that would popup saying that the session expired, click to refresh/login.

This would help enterprise setups with small sessions (because of IT audits or shared computers) and tab hoarders alike.

We just need to be careful to capture this correctly. I think it’s when your xhr gets a 302 with location being ${Discourse.base_url}\login.


(Felix Freiberger) #14

I think this is a duplicate of my very first bug report from back in 2015 :slight_smile:


(Rafael dos Santos Silva) #15

Yes. Now it’s a bit worse because you can have a session lifetime shorter than forever, so it’s not only when you miss a notification.