Sessions expiring unexpectedly when using Redis

Open yolabingo opened this issue 1 year ago • 4 comments

Problem Statement

When using Redis for session storage, the session expires exactly 30 minutes after login even when actively using the backend.

Steps to Reproduce

Configure Redis session storage with

TOMCAT_REDIS_SESSION_ENABLED="true"
TOMCAT_REDIS_SESSION_HOST
TOMCAT_REDIS_SESSION_PORT
TOMCAT_REDIS_SESSION_USERNAME
TOMCAT_REDIS_SESSION_PASSWORD
TOMCAT_REDIS_SESSION_SSL_ENABLED="true"
TOMCAT_REDIS_SESSION_PERSISTENT_POLICIES="DEFAULT"

Log in and set a timer. You will be logged out in 30 minutes even if you click around the backend more recently.

Acceptance Criteria

Expected session timeout behavior

dotCMS Version

Observed on both 24.04.24 LTS and on trunk on our internal Prod and Authoring servers

Proposed Priority

Priority 2 - Important

yolabingo avatar Jul 24 '24 22:07 yolabingo

Only for 24.04 LTS

erickgonzalez avatar Aug 07 '24 14:08 erickgonzalez

Quick way to test that redis sessions are working

  1. Download this docker compose file https://raw.githubusercontent.com/dotCMS/core/master/docker/docker-compose-examples/with-redis-session/docker-compose-node-1.yml and rename it docker-compose.yml

  2. Update the volumes in the example to work.

  3. Run

     docker compose up

  4. Confirm you can log in.

  5. Add a new non-default site to dotcms

  6. In dotCMS admin tool, switch to the new site with the site selector in the top right corner

  7. Leaving your browser open, restart just dotcms service with

     docker compose stop dotcms-node-1 && docker compose start dotcms-node-1

  8. Once dotCMS has started up, refresh your dotcms screen - your site selector should stay on the non-default site. We store the user's host selection in session and this means that your session was restored from redis.

To see how it works without redis saving sessions, do the above and select the non-default host and then do this:

docker compose stop dotcms-node-1
redis-cli -a MY_SECRET_P4SS flushall
docker compose start dotcms-node-1

and then refresh your browser - you will see that the rMe (remember me) cookie will have re-logged you in but you are now viewing the "default" site. Basically, you have lost your original session.

You can also see in the dotCMS logs that the rMe cookie forced a new login for your user and not a continuation of our old session.

wezell avatar Aug 20 '24 21:08 wezell

IQA: PASSED

  • Docker Image: dotcms/dotcms:nightly_36f72e4

The User is still logged in when you're constantly clicking around in the back-end, and is logged out if you stay in a single portlet with no interaction.

jcastro-dotcms avatar Aug 26 '24 18:08 jcastro-dotcms

Approved: Tested on latest, Docker, macOS 14.5, FF v126.0.1

josemejias11 avatar Aug 28 '24 17:08 josemejias11
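
The reported symptom (logout exactly 30 minutes after login despite activity) and the behavior confirmed in the IQA comment (active users stay logged in, idle users are logged out) differ in whether the stored expiry is refreshed on each request. The model below is an added illustration, not dotCMS, Tomcat or Redis code, and the thread does not state the actual root cause; `SessionStore`, `survives` and the sample traffic are hypothetical.

```python
# Added illustration: an in-memory stand-in for a TTL-based session store.
# Not dotCMS, Tomcat or Redis code; all names here are hypothetical.

TIMEOUT = 30 * 60  # seconds; the 30-minute timeout from the report


class SessionStore:
    """Maps session id -> absolute expiry time, like a key with a TTL."""

    def __init__(self, refresh_on_access):
        self.refresh_on_access = refresh_on_access
        self.expires_at = {}

    def login(self, sid, now):
        self.expires_at[sid] = now + TIMEOUT

    def request(self, sid, now):
        """Return True if the session is still valid at time `now`."""
        expiry = self.expires_at.get(sid)
        if expiry is None or now >= expiry:
            self.expires_at.pop(sid, None)  # expired: the key is gone
            return False
        if self.refresh_on_access:
            # Sliding (idle) timeout: every request pushes the expiry out.
            self.expires_at[sid] = now + TIMEOUT
        return True


def survives(refresh_on_access, request_times):
    """Log in at t=0, replay the requests, return validity per request."""
    store = SessionStore(refresh_on_access)
    store.login("s1", 0)
    return [store.request("s1", t) for t in request_times]


# Constructed traffic: one click every 5 minutes for an hour (active user).
ACTIVE = [m * 60 for m in range(5, 65, 5)]
# Constructed traffic: one click at 10 min, then nothing until 45 min.
IDLE = [10 * 60, 45 * 60]

if __name__ == "__main__":
    # Expiry fixed at login: the active user is cut off at the 30 min mark.
    print("fixed,   active:", survives(False, ACTIVE))
    # Expiry refreshed per request: the active user stays logged in.
    print("sliding, active:", survives(True, ACTIVE))
    # Expiry refreshed per request: 35 idle minutes still end the session.
    print("sliding, idle:  ", survives(True, IDLE))
```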