Getting random logout issues and role required issues on reactive application.
Application Type
Reactive
Service Studio Version
11.10.12 (Build 39237)
Platform Version
11.8.4 (Build 29614)

Hello Everyone,

We are working on a reactive application DataLocker, where users are randomly getting logged out from application and redirected to custom logout page, while navigating to pages or clicking buttons like save or submit and multiple error are logged in the the  error log like "DataLockerUser role required" or "Registered role required" when an Security Exception occurs.

Since we have created an role "DataLockerUser" for this application and we are granting this role if not already assigned when a user login but after successful login and entering into  "Datalocker" application user sometimes automatically gets redirected to logout screen and doesn't have values in its Client.username and GetuserId() function even after 5-10 min of activity.


User gets logged out while saving or when server/service api action is called and above error are logged in service center.

Do we need to check roles before calling server/service api action since getting error role required when services are called within server action.


Regards,

Nitesh Ahirwar

Champion

Hello Nitesh

Can you please ensure that you have not used any other customer check on Actions / Expressions to check the UserRole and missed to include both Roles? Here are examples where you may have added them - https://success.outsystems.com/Documentation/11/Developing_an_Application/Secure_the_Application/User_Roles/Validate_End_User_Permissions_in_the_Application 

Hello Manish,

thanks for ur reply, no i have not used any checks, just checking 2 roles on page level as i mentioned.

Still getting random logout issues.

Champion

Thanks for confirmation, then it could be the issue of Session Timeout. On Session timeout the User Id, Role and Client Variables get reset to their default value and redirect the user to the login screen. 

Can you check the session timeout setting in configuration? 

Thats what i have mentioned manish, i know session is getting cleared randomly after login in in 5 10 min.. session time out is 3 hr as of now.

Champion

I have found this article if could help you. Though it is not solved but you can check session timeout in configuration tool - https://www.outsystems.com/forums/discussion/67714/reactive-error-users-encounter-auto-logout/ 


This too for session - https://www.outsystems.com/forums/discussion/34538/change-login-session-timeout/

Hey Manish, 

Really appreciated your effort to give a solution, i have already checked those threads , but my real issue is not session timeout. 

If you can go through my post again, I have mentioned "after successful login and entering into  "Datalocker" application user sometimes automatically gets redirected to logout screen and doesn't have values in its Client.username and GetuserId() function even after 5-10 min of activity. 

So the issue is random/abrupt logging out of the application even after 5-10 min of successful login.

Hope you are getting it. 

Here is my current error log screen looking like when working on application .

Hi Nitesh,

you say you are granting the role to a user as they login if they don't have it yet.  Are you sure this happens correctly. 

If you look at user afterwards in Users application, do they indeed have that role assigned to them ?

What if you grant a role to a test user with the Users application, does such a user also encounter the same security problems ?


Dorine

Hi Dorine,

Yes I am granting Datalocker role if user doesn't already have it on login and I have also checked for user details in user module whether they are correctly granted role or not after successful login. 

We are using users which have this role and still we get random logout issues and error messages in service center.

Hello @Nitesh Ahirwar,

What is the 'Max Idle Time' for the session login currently set to? I was curious to see if maybe this was a much lower value in your case, than the default 30 minutes.

The setting can be found in ServiceCenter -> Security -> Applications Authentication

Regards,

AJ

Hi AJ,

Here is my Max idle time. I have already done these settings.

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.