I have not configured any auto-logout scripts yet on my perspective application, but after a certain period, my users are getting automatically logged out. Is there a setting somewhere that determines this length of time? The closest thing I could find was Project Properties>Perspective>Session Timeout, but I suspect that’s more about how long the gateway considers a session active once the device disconnects, rather than a user logout. I set both Desktop and Mobile to 10 seconds to test and confirmed that it’s not related to the users.
A second quirk is that after this auto-logout occurs, if I trigger a login from e.g. a button click, it will open the login page very briefly but then instantly log in with the previously used credentials. If I trigger a logout this does not happen.
It’s as if there’s a timeout which kind-of-but-not-really logs out the current user going on?
The logging back in with previous credentials is likely due to the credentials being in the cache (logging out by clicking “Sign Out” would clear the cache), but it’s odd that your user is being logged out after a set period of time…
Sounds to me like one of a couple things are happening:
Your browser’s web sockets are losing their connection to the gateway (bad network connectivity from browser to gateway or maybe the machine with the browser went to sleep). When the last web socket disconnects for a given (browser, project) pair, the session timeout begins. When the session timeout elapses, the perspective session for that (browser, project) pair is destroyed. Since the web auth session lives on the perspective session, it will also be destroyed. However, your browser session with the IdP may live on depending on its own session timeout. This would explain why you were able to authenticate without re-entering credentials - your browser’s cookie is still valid.
You changed your IdP’s configuration while your user was logged into a perspective session. Some IdP configuration changes such as changes to the web auth strategy settings will always invalidate the web auth session in a perspective project session.
It seems more likely that #1 is happening unless you remember messing around with IdP configurations on the gateway web interface with the live perspective sessions running? Next time it happens, check to see if your browser is disconnecting from the gateway.
This is almost certainly the case - the client I'm testing is on an iPad, and the iPad is going to sleep (and, therefore, presumably dropping the perspective session). When I open it up to do some more testing, it appears logged out but "automatically" logs back in.
Is there a way to force the logout not only on idle time, but also on session disconnect? Having a session appear to be logged out, but still able to be logged back in without knowing the user name and password is definitely not ideal.
There’s conceivably a feature in having a session force logout on disconnect, but I think it’s arguably not what you want on by default. When it comes to applications on my mobile devices, logging in every time my device goes to sleep is the last thing I want as a user.
True. How about the opposite - forcing it to re-authenticate (if the cookie is still valid, and I haven’t actively logged out) when the session re-connects? Ultimately, I just want to avoid the discrepancy between the user functionally logged in and the user with a valid cookie present. Otherwise, a user could conceivably check and see that they appear to have logged out, hand the tablet over to a less-qualified user, and that user could end up with access elevated privileges without entering a password.
Just bumping this again. @cmallonee is right in that we probably don’t want to force an auto logout on session disconnect, but I do need to find a way to make sure that if the system “looks” logged out, that it actually is logged out, and that you definitely need to enter a username and password to log back in again. Is there anything I can do to at least detect whether the login is still active?
How can we clear the cache? I have an app where they don’t want to require the operators to log in so I have autologin set. (It’s an android scan gun and difficult to type on). I also have some admin functions I don’t want them to get to. I have tried adding a button with login and logout scripts but it has odd behavior. If I have restarted the device the login or logout will do what I want and give me an opportunity to log in as admin. If I try to click it again it just immediately logs back in as the last user whether operator or admin, even if I restart the app. This means I have to restart a device if I use any admin features since that is now the only way to be logged in as an operator. I don’t think it is the autologin as I gave that operator credentials and I also deleted all passwords in the browser.
There's a lot going on in your post which is resulting in some confusion on this end. I'm going to operate under the assumption you're using Perspective, since this is a Perspective thread.
Auto-Login is a Vision concept and has nothing to do with Perspective, and so I'm hoping this is where the disconnect is coming into play. If you're using Perspective, Auto-Login does nothing.
We did recognize a bug in the Logout/Login behavior of Perspective which we have fixed as of 8.0.11 (which should have RC1 out today or tomorrow), where logging out and back in fairly quickly would result in the original user being logged in instead of asking for the new user's credentials.
So try this with the new logout/login behaviors in place and let us know if it's still an issue.
We’re going to need some more information before we can really assist you, @Tim_David . What are the settings you have configured for session timeout? Does your project require authentication? Under what conditions are users being logged out?
Query Background :
10 Perspective workstation are running in the network , but only few workstation are showing the attached image as logout.
Project is not enabled for inactivity detection to auto logout the session, but in random times we are getting this attached image. Project is configured for Identity provider authentication .
We are unable to identify in which case above event it occurring in only few clients.
Is there any way to get the logs of the clients in which case above event occurred ? or any other resolution.
Perspective sessions don’t store their own logs, so you’d be scanning the general gateway logs. Is your license in any way limited to a certain number of clients/sessions? Do you have any scenarios in your project (or any Gateway scripts) that would log any session out for any reason? Some users put log out scenarios in place but don’t always realize the code placement could be triggered by unexpected conditions.
Unfortunately there is no Logout Event under which you could place some sort of logging to catch the session ID during logout. In theory, that would allow you to filter your logging a bit, but really, unless you’re logging what is happening to cause the logout the logs won’t be very helpful.
There are only three situations I can think of under which Perspective would log a user out:
Session Inactivity settings - which you said were not active.
Code you have in place somewhere to log a user out under some condition or during some event.
Session limits on a license.
If you can verify none of those situations are what you’re encountering, then you should contact support.
