Session expiration

Hi there, my team is responsible for a few clusters and the users are running into two different errors fairly frequently. At the moment we are focusing on two issues that seem to have similar causes.

The first log entry is: GET /api/security/logout?msg=SESSION_EXPIRED&next=%2Fapp

The second entry is less frequent: { Error: [security_exception] token expired, with { header={ WWW-Authenticate="Bearer realm=\"security\", error=\"invalid_token\", error_description=\"The access token expired\"" } }

These unwanted logouts are only occurring when the users use Chrome. They have been using Firefox for the last two days and haven't run into either issue yet. When they were using Chrome we also saw issues loading dashboards. We pulled up task manager and watched the network traffic when they clicked on the dashboard in question. There was a short time when data was moving then quickly and suddenly the network data would stop.

We have made the following changes to the kibana.yml without any success.

xpack.security.session.idleTimeout: "16h"
xpack.security.session.lifespan: "2d"

Any thoughts or help would be greatly appreciated!

Hi @alaine ,

What version of Kibana are you using? If anything older than 7.10, then I'm afraid you're hitting the issue we've discovered recently:

In January 2021 Chrome released (and hence all Chromium-based browsers I suppose) a so-called intensive throttling feature that's triggered when all of the following conditions are true:

  • The page has been hidden for more than 5 minutes.
  • The chain count is 5 or greater.
  • The page has been silent for at least 30 seconds.
  • WebRTC is not in use.

In this case, the browser will check timers in this group once per minute, effectively increasing any auto-refresh interval that you set to be at least one minute. This browser behavior conflicts with the auto-refresh logic in various ways, but these are technical details.

Firefox doesn't have an "intensive throttling" mode yet and hence the issue isn't reproduced there.

Unfortunately there is not much you or we can do here, the options are basically these:

  • Upgrade to 7.10 that introduced server-side sessions in Kibana that are supposed to remedy unexpected logouts
  • Use a non-Chromium based browser (e.g. Firefox)
  • Continue using Chrome, but turn off intensive throttling. Go to chrome://flags/ and disable Throttle Javascript timers in the background.

Best,
Oleg
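
The throttling conditions listed in the reply above, as an added example that is not part of the original post and is not Chrome or Kibana code: a simplified model of a self-rescheduling timer on a hidden tab, showing the gap between callbacks growing to one minute once every condition holds. All function and parameter names are hypothetical, the page is assumed hidden at t=0 and silent throughout, and ordinary (non-intensive) background throttling is not modelled.

```javascript
// Simplified model (assumption-based illustration, not browser source code).
const MIN = 60000;

// True when every condition from the list above holds.
function isIntensivelyThrottled({ hiddenForMs, chainCount, silentForMs, webRtcInUse }) {
  return hiddenForMs > 5 * MIN && chainCount >= 5 && silentForMs >= 30000 && !webRtcInUse;
}

// Simulate a chained timer (a callback that re-arms itself) on a page hidden at t=0.
// Returns the times in ms at which the callback actually runs.
function simulateChainedTimer({ intervalMs, durationMs, silentForMs = 30000, webRtcInUse = false }) {
  const fired = [];
  let chainCount = 0;      // assumed to grow by one per re-arm
  let due = intervalMs;    // when the timer asked to run
  while (due <= durationMs) {
    const state = { hiddenForMs: due, chainCount, silentForMs, webRtcInUse };
    // Throttled timers are checked once per minute: round up to the next minute tick.
    const runAt = isIntensivelyThrottled(state) ? Math.ceil(due / MIN) * MIN : due;
    if (runAt > durationMs) break;
    fired.push(runAt);
    chainCount += 1;
    due = runAt + intervalMs;
  }
  return fired;
}

// Largest gap between consecutive callbacks, to compare with the configured interval.
function maxGap(times) {
  let gap = 0;
  for (let i = 1; i < times.length; i++) gap = Math.max(gap, times[i] - times[i - 1]);
  return gap;
}

// Constructed scenario: a 10-second refresh timer on a tab hidden for 10 minutes.
const throttled = simulateChainedTimer({ intervalMs: 10000, durationMs: 10 * MIN });
const withWebRtc = simulateChainedTimer({ intervalMs: 10000, durationMs: 10 * MIN, webRtcInUse: true });
console.log('callbacks (throttled):', throttled.length, 'max gap ms:', maxGap(throttled));
console.log('callbacks (WebRTC in use):', withWebRtc.length, 'max gap ms:', maxGap(withWebRtc));
```

Comparing `maxGap` against the interval a page relies on for auto-refresh or session keep-alive shows whether a background tab can still meet it.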

Oleg, thanks for getting back to me. The cluster that I am paying the most attention to, and where this is the most noticeable, is on 7.10.1. Which seems like this might not be the issue that we are seeing? I am going to take a look at the Chrome settings and suggest it to the guys anyways. Any other thoughts for why it could be happening on 7.10? Thanks so much. I am going to share your answers with the group. We have been stuck for quite a while on this one.

Yeah, intensive throttling still affects 7.10, but it shouldn't cause sporadic logouts unless you've discovered something new that we're not aware of yet.

If you're an Elastic customer, then just file a support ticket and it will eventually hit my team.

If not, feel free to file a bug here and attach Kibana verbose logs and HAR file (please remove any sensitive info from there first) and tag me @azasypkin.

Best,
Oleg

Sounds good. I just got added to the support contact list so I will go ahead and file a ticket with support. Thank you for your help.
