mysteriously expiring sessions

Lipscomb, Gary glipscomb at csu.edu.au
Thu Feb 4 18:16:28 EST 2016


Is it the shibboleth session timing out OR the application timing out due to inactivity and then wanting reauthentication?

> -----Original Message-----
> From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Pottinger,
> Hardy J.
> Sent: Friday, 5 February 2016 10:04
> To: users at shibboleth.net
> Subject: mysteriously expiring sessions
>
> Hi, I've been chasing this issue for a while, I have users that occasionally walk
> away from their computers (bathroom breaks, reload their coffee,
> *meetings*, the usual) and they grumpily complain to me when they have to
> re-log in, so I've made changes to our shibboleth configuration to
> accommodate them (I think). However, they still report that their sessions
> are timing out, so, I have turned on debug logging and am trying to figure out
> what's happening. Today a user gave me enough detail to actually look in the
> logs and find her session, here's what I've found:
>
> 2016-02-04 09:04:04 DEBUG Shibboleth.SessionCache [994]: creating new
> session
> 2016-02-04 09:04:04 DEBUG Shibboleth.SessionCache [994]: storing new
> session...
> 2016-02-04 09:04:04 DEBUG XMLTooling.StorageService [994]: inserted record
> (session) in context (_9b6f04da7f13d869e3f79338fe964d01) with expiration
> (1454684644)
>
> OK, great, she has logged in... I scan down for any mentions of that session, I
> see a few, here's the last one:
>
> 2016-02-04 09:07:45 DEBUG XMLTooling.StorageService [978]: updated
> expiration of valid records in context (_9b6f04da7f13d869e3f79338fe964d01)
> to (1454684865)
> 2016-02-04 09:08:27 DEBUG Shibboleth.Listener [983]: dispatching message
> (touch::StorageService::SessionCache)
>
> that Unix timestamp on that line (for the expiration) converts to: Fri, 05 Feb
> 2016 15:07:45 GMT, which, converting to CST: Fri, 05 Feb 2016 09:07:45 CST, is
> actually still valid... so... something else happened to this session.
>
> Scanning down a bit, I can see where she re-logs in and gets a new session
>
> 2016-02-04 12:39:10 DEBUG Shibboleth.SSO.SAML2 [1052]: decrypted
> Assertion...
>
> So, sometime between 2016-02-04 09:08:27 and 2016-02-04 12:39:10, her
> session information expired, and looking at the log files, the only lines
> mentioning expiring sessions are at 10:24 and 11:24.
>
> 2016-02-04 10:24:02 INFO XMLTooling.StorageService : purged 6 expired
> record(s) from storage
> 2016-02-04 11:24:02 INFO XMLTooling.StorageService : purged 1 expired
> record(s) from storage
>
> Has anyone else observed Shibboleth incorrectly expiring session
> information from the cache? Is there any configuration option I should be
> looking at that would prevent this from happening? Thanks!
>
> --Hardy
> --
> To unsubscribe from this list send an email to users-
> unsubscribe at shibboleth.net

Charles Sturt University

| ALBURY-WODONGA | BATHURST | CANBERRA | DUBBO | GOULBURN | MELBOURNE | ORANGE | PORT MACQUARIE | SYDNEY | WAGGA WAGGA |

LEGAL NOTICE
This email (and any attachment) is confidential and is intended for the use of the addressee(s) only. If you are not the intended recipient of this email, you must not copy, distribute, take any action in reliance on it or disclose it to anyone. Any confidentiality is not waived or lost by reason of mistaken delivery. Email should be checked for viruses and defects before opening. Charles Sturt University (CSU) does not accept liability for viruses or any consequence which arise as a result of this email transmission. Email communications with CSU may be subject to automated email filtering, which could result in the delay or deletion of a legitimate email before it is read at CSU. The views expressed in this email are not necessarily those of CSU.

Charles Sturt University in Australia
http://www.csu.edu.au
The Grange Chancellery, Panorama Avenue, Bathurst NSW Australia 2795
(ABN: 83 878 708 551; CRICOS Provider Numbers: 00005F (NSW), 01947G (VIC), 02960B (ACT)). TEQSA Provider Number: PV12018


Consider the environment before printing this email.


More information about the users mailing list