Constant session timeouts in Kibana 7.10.0 on OpenShift but not with 7.9.3

I have installed a secured Elastic 7.10.0 cluster (3 master, 2 client, 5 data nodes) on OpenShift and added Kibana (2 node cluster).

However, with Kibana 7.10.0 installed it constantly experiences session timeouts.

I have set every configuration setting I could find to stop this from happening:

kibana.yml: |-
    server.host: 0.0.0.0
    xpack.security.session.idleTimeout: 900000 # timeout after 15 min idle
    xpack.security.session.lifespan: "30d"
    xpack.security.sessionTimeout: 86400000 # session lasts 24 hours
    xpack.security.encryptionKey: "REDACTED"
    elasticsearch:
      hosts: ${ELASTICSEARCH_HOSTS}
      username: ${ELASTICSEARCH_USERNAME}
      password: ${ELASTICSEARCH_PASSWORD}
      pingTimeout: 600000
      requestTimeout: 600000
      shardTimeout: 600000
      startupTimeout: 600000

In OpenShift, I adjusted the route:

oc annotate route <<route-name>> --overwrite haproxy.router.openshift.io/timeout=86400000

However, it still times out the session immediately using 7.10.0 but works fine with 7.9.3.

Any idea why this is happening?

Hey @ngilmore, welcome to the discussion boards!

xpack.security.sessionTimeout has been renamed to xpack.security.session.idleTimeout, so it's not necessary to configure both. I'd recommend just keeping xpack.security.session.idleTimeout. You can also make that setting more readable by specifying it as a duration like you've done for the lifespan:

xpack.security.session.idleTimeout: 15m # timeout after 15 minutes of inactivity 

None of that is the cause of your problem though. Can you double check that you have xpack.security.encryptionKey set on BOTH of your Kibana instances, and that this value is identical? Having different encryption keys set on different instances is a common cause of this problem.

If that's already configured properly, then we will need debug logs to triage further. Set the following, restart Kibana, and capture the logs which show the session timeouts happening:

# kibana.yml
logging.verbose: true

In addition to what Larry said, make sure that ALL session related settings (xpack.security.session.*) are identical for all Kibana instances you have.
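The check both replies ask for, as an added example that is not part of the thread and not Elastic's code: it compares `xpack.security.encryptionKey` and the session settings across instances, treating `900000` and `15m` as equal and reporting only a fingerprint of the key. The function names and sample configs are constructed for illustration; it assumes flat dotted keys as in the posted kibana.yml and the duration units ms, s, m, h and d.

```python
import hashlib
import re

# Units for duration strings such as "15m" or "30d"; a bare number is milliseconds.
UNIT_MS = {"ms": 1, "s": 1000, "m": 60_000, "h": 3_600_000, "d": 86_400_000}
KEY = "xpack.security.encryptionKey"
OLD = "xpack.security.sessionTimeout"  # renamed to xpack.security.session.idleTimeout

def session_settings(text):
    """Extract flat dotted session-related keys from a kibana.yml string."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*(xpack\.security\.[\w.]+)\s*:\s*(.*)$", line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        quoted = re.match(r'(["\'])(.*?)\1', raw)
        value = quoted.group(2) if quoted else re.sub(r"\s+#.*$", "", raw).strip()
        if name == KEY:
            # Compare a fingerprint so the key itself never reaches logs.
            found[name] = "sha256:" + hashlib.sha256(value.encode()).hexdigest()[:12]
        elif name == OLD or name.startswith("xpack.security.session."):
            d = re.fullmatch(r"(\d+)(ms|s|m|h|d)?", value)
            found[name] = int(d.group(1)) * UNIT_MS[d.group(2) or "ms"] if d else value
    return found

def compare_instances(configs):
    """configs: {instance name: kibana.yml text}. Returns a list of findings."""
    parsed = {inst: session_settings(text) for inst, text in configs.items()}
    findings = []
    for name in sorted({k for s in parsed.values() for k in s}):
        values = {inst: s.get(name, "<unset>") for inst, s in parsed.items()}
        if len(set(values.values())) > 1:
            findings.append(f"MISMATCH {name}: {values}")
        if name == OLD:
            findings.append(f"RENAMED {name}: use xpack.security.session.idleTimeout")
    if not any(KEY in s for s in parsed.values()):
        findings.append(f"UNSET {KEY} on every instance")
    return findings

# Constructed sample input: same idle timeout written two ways, different keys.
KIBANA_0 = 'xpack.security.session.idleTimeout: 900000 # 15 min\nxpack.security.encryptionKey: "constructed-sample-key-aaaaaaaaaaaaaaaa"\n'
KIBANA_1 = 'xpack.security.session.idleTimeout: 15m\nxpack.security.encryptionKey: "constructed-sample-key-bbbbbbbbbbbbbbbb"\n'

if __name__ == "__main__":
    for finding in compare_instances({"kibana-0": KIBANA_0, "kibana-1": KIBANA_1}):
        print(finding)
```

Feed it the rendered kibana.yml from each Kibana pod; an empty result means the compared settings match.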