[IGN-4522] Invalid cookie header - Invalid ‘expires’ attribute warnings in Ignition

Hello, I am using Auth0 as my IDP and everything works however I have continuous warnings in the logs of the type:

Invalid cookie header: “Set-Cookie: did_compat=s%3Av0%3Ac0ec1460-0659-12ec-8e2e-f14ff436a214.MZFsc7cg652%2FD5vf5pcbIv2VyTwjvEsvJXBwhSRXsDY; Max-Age=31557600; Path=/; Expires=Fri, 26 Aug 2022 16:38:30 GMT; HttpOnly; Secure”. Invalid ‘expires’ attribute:

apart from the continuous warnings whenever a user authenticates I noticed the session expires very quickly (something like 30 minutes) so each day we need to relogin to the gateway hundreds of times during development.

We’ve logged an internal ticket to address the “Invalid cookie header” warnings.

However, I’m not sure if that is related to the session expiring quickly. Which session are you talking about? The one on the Ignition side? Or the one on the IdP side?

Hello, I’m talking about the Ignition side authentication which expires no matter what after circa 40 minutes even though we set them to never expire, the Ignition side uses the embedded IA idp of course.

Which part of Ignition are you logging into from Auth0? If you are talking about Perspective’s session expiring before Auth0’s session, you could adjust Perspective’s session timeout settings in Designer > Project > Properties > Perspective > General. Also, do you have the Inactivity Timeout feature enabled in Designer > Project > Properties > Perspective > Inactivity? That could also kick in and log you out if you have let the session sit idle for whatever amount of time is configured.

the Auth0 is used for our own projects which correctly never expire, below is their configuration:

the problem is with the Inductive Automation Gateway admin GUI which expires after 40 min, even setting the “remember me” option has no effect:

image

below the gateway admin page I’m talking about:

Ok, there are additional settings for the internal Ignition IdP - see Configuring Identity Providers - Ignition User Manual 8.1 - Ignition Documentation

For the Gateway Web Interface’s sessions: there is also a “User Inactivity Timeout” setting in Config > Security > General - see Gateway General Security Settings - Ignition User Manual 8.1 - Ignition Documentation

Also: if the “Always ask the IdP to re-authenticate users by default” checkbox is enabled under the “System Identity Provider” setting in the General Security config page, the IdP may force you to re-enter credentials every time you have to log back into the Gateway Web Interface.

Ok I configured the settings as below:

I’ll mark as solved if it doesn’t log me out after 40 mins.

Tomorrow’s early access build (15 October 2021) should include a fix for the “Invalid cookie header” issue. For more details, see: [IGN-4521, IGN-4522] Login "fails" when using Auth0 IDP...but not when you retry - #4 by jspecht

Thank you, I will test the new release and report soon.