We have an exception handler like that in reactive:
When there is a Security Exception, which the user login is no longer valid in the server, it should redirect the user to the login.
However, there is a strange behaviour happening, causing many error logs a "[role-name] role required" after some time leaving open the application:
It is causing the user to be redirected to the error page, with a message such as "backoffice_admin role required", instead of redirecting the user back to the login.
This is the stack trace of this error and it seems it was triggered in an XMLHttpRequest to the server:
Any idea of how to solve this issue? I am a senior developer, but only with few months in web reactive, so I am trying to figure out how everything works in regard to that. The documentation is very short.
We have set the Security configurations like that:
We have also tried to disable the first cache parameter to see if this was related to that or not. The Max. Idle Time of the session is 20 minutes, that we want the server to recognize the user login.
The reactive is very confusing around the session issues, it says it does not have a session, but the user is authenticated. Can someone give a better clue on this matter?
Thank you!
Hi Rossi,
Have you debugged the application to see where this error originates? Your stack trace is too short to determine this.
Unfortunately I cannot debug this, this is random not happening all the times. Besides that, the stack trace is very short indeed. However, it seems the error is a default error triggered by the OutSystems web page screen, when the user has not the required roles. However, the user is assigned with the roles. After this issue happens, if I click somewhere else in the error page, it goes to the login. It seems the screen may be triggering a role required error, when there is no longer a valid session/authentication and the global exception handler is not capturing it.
If you search a bit on the forum, there are other users that encounter what seems random logouts resulting in the same behaviour, but no solution unfortunately.
Thanks for sharing that, I've also found some topics. Sometime ago, a new version of the platform server was released fixing some issues we used to have, however this one was not fixed. We are all the time updating with the new version, to see if this issue will be fixed.
For me it seems a problem in the OutSystems reactive technology, something is malfunctioning or misconceived.
It's clearly not fully mature yet, unfortunately. I'd advise you to also create a Support case for this, perhaps they can either tell you what to do to prevent this from happening, or create a future fix.
Hello All,
I'm getting the same issue in one of our projects, I'm aware that this is an old post. Any leads or solution for this ?
Regards,
Varuni
Hi Varuni,
By the time, We identified that the issue was because of the session integration between web reactive and web traditional. Our login was a web traditional page, and after the login, this page was redirecting to a web traditional or a web reactive page depending on the user's role.
The solution for us was to convert all web traditional pages to web reactive and don't use the web traditional x web reactive session integration.
Thank you for your reply!! The problem which we faced was we had All Exception handler in some of the button action of the screen. So when there is session timeout, the button click triggers the AllException handler instead of global security handler. So we removed AllException handler in screen's button action which solved the problem.