[IGN-4522] Invalid cookie header - Invalid ‘expires’ attribute warnings in Ignition

Hello, I am using Auth0 as my IDP and everything works; however, I have continuous warnings in the logs of the type:

Invalid cookie header: “Set-Cookie: did_compat=s%3Av0%3Ac0ec1460-0659-12ec-8e2e-f14ff436a214.MZFsc7cg652%2FD5vf5pcbIv2VyTwjvEsvJXBwhSRXsDY; Max-Age=31557600; Path=/; Expires=Fri, 26 Aug 2022 16:38:30 GMT; HttpOnly; Secure”. Invalid ‘expires’ attribute:

Apart from the continuous warnings whenever a user authenticates, I noticed the session expires very quickly (something like 30 minutes), so each day we need to re-login to the gateway hundreds of times during development.

We’ve logged an internal ticket to address the “Invalid cookie header” warnings.

However, I’m not sure if that is related to the session expiring quickly. Which session are you talking about? The one on the Ignition side? Or the one on the IdP side?

Hello, I'm talking about the Ignition side authentication, which expires no matter what after circa 40 minutes even though we set them to never expire. The Ignition side uses the embedded IA IdP, of course.

Which part of Ignition are you logging into from Auth0? If you are talking about Perspective’s session expiring before Auth0’s session, you could adjust Perspective’s session timeout settings in Designer > Project > Properties > Perspective > General. Also, do you have the Inactivity Timeout feature enabled in Designer > Project > Properties > Perspective > Inactivity? That could also kick in and log you out if you have let the session sit idle for whatever amount of time is configured.

The Auth0 is used for our own projects, which correctly never expire; below is their configuration:

The problem is with the Inductive Automation Gateway admin GUI, which expires after 40 min; even setting the “remember me” option has no effect:

Below is the gateway admin page I’m talking about:

Ok, there are additional settings for the internal Ignition IdP - see Configuring Identity Providers - Ignition User Manual 8.1 - Ignition Documentation

For the Gateway Web Interface’s sessions: there is also a “User Inactivity Timeout” setting in Config > Security > General - see Gateway General Security Settings - Ignition User Manual 8.1 - Ignition Documentation

Also: if the “Always ask the IdP to re-authenticate users by default” checkbox is enabled under the “System Identity Provider” setting in the General Security config page, the IdP may force you to re-enter credentials every time you have to log back into the Gateway Web Interface.

Ok, I configured the settings as below:

I’ll mark as solved if it doesn’t log me out after 40 mins.

Tomorrow’s early access build (15 October 2021) should include a fix for the “Invalid cookie header” issue. For more details, see: [IGN-4521, IGN-4522] Login "fails" when using Auth0 IDP...but not when you retry - #4 by jspecht

Thank you, I will test the new release and report soon.