We have a problem with keeping user logged in.
our guess are below
_forum_session value in Session storage keep changing when we click the board
So previous sessionkey, and new generated session key was not match sometime.
How to manage forum_session value? or How to control sequence of generating _forum_session?
What makes this popup out?
I don’t know what to provide to solve this problem. Don’t hesitate to ask me
sorry, slipping this into support, can you explain how your site is deployed?
Thanks for your help.
site is same as below.
version: 3.5.0.beta1
deployment type: self-hosted
login type: Discourse SSO Connect
Hi all,
I’m currently running a self-hosted Discourse instance within our infrastructure.
Everything works fine up to the point of logging in via the Discourse SSO Connect method (we use our own custom account server for authentication).
However, we’re encountering an issue where, during a search operation, a “You were logged out” popup appears randomly.
This only happens in the production environment — not in development or staging.
We haven’t modified any of the Discourse open source code.
Our assumption is that the _forum_session cookie is supposed to be updated with each API call, but for some reason, this update fails in production. As a result, the current session cookie becomes invalid and leads to a logout.
If anyone has experienced a similar issue or has insights into what’s going on, I’d really appreciate your help.
We’re hoping to resolve this as soon as possible.
Thanks!
Could this be related to
?
Yes, thank you for sharing.
I’d like to understand in what cases the forum_session update might fail. From what I can tell, it gets updated every time I enter a page via the Set-Cookie header in the response. We haven’t changed any related logic, so I’m unsure why it occasionally doesn’t update.
No need to open a new topic if there already is one (I presume it’s even about the same site).
You haven’t updated for over 4.5 months - please start by updating your site to latest tests-passed (3.5.0.beta8-dev) and see if that resolves the issue.
@RGJ Thanks for your response.
It’s a bit strange — we’re running three environments with the same version (3.5.0.beta1), but this issue only occurs in the production environment. The other two environments (development and staging) are working fine, so I don’t think it’s a version-related issue.
I’m wondering, is this the first time this issue has been reported? Have there been any similar reports in the past?
And to rule that out, you should update first.
Also, beta1 contains a number of security vulnerabilities, so you want do to this anyway 