UI JWT - idle browser sessions expire #4767

Description

@tpurschke

Before the JWT refresh introduction, sessions stayed open for >8h.

What went wrong

  1. Both (admin and standard user) sessions expired with the following logs after an idle time of approx. 2h (estimated).
    The session could only be reloaded (F5) and then a new login was required.

  2. Observation (could be wrong - it might be that the original session was refreshed after all but the login screen displayed in-between nevertheless): I noticed that the two tabs were not separate from each other and the user information seems to be centrally available for the whole browser. Was there a change in storing the JWT information and is it somehow not tied to a tab anymore?

Version

Tested with develop branch

cat etc/last_commit_id.txt
d42f61e5364391dd8dcefd5cc54bc9e01df2a49c

Logs

UI

2026-06-16T17:36:26.645831+02:00 r001-stest fworch-ui:  2026-06-16T17:36:26+02:00 Audit - Session of "xUSER884" closed (CircuitHandlerService.cs in line 33), Session of user "xUSER884" (last logged in) with DN: "CN=XUSER884,OU=Benutzer,DC=r001dom,DC=DE" was closed. ----
2026-06-16T17:36:40.644689+02:00 r001-stest fworch-ui:  2026-06-16T17:36:40+02:00 Audit - Session of "dUSER884" closed (CircuitHandlerService.cs in line 33), Session of user "dUSER884" (last logged in) with DN: "CN=DUSER884,OU=ClientAdmins,DC=r001dom,DC=DE" was closed. ----
2026-06-16T17:36:40.645963+02:00 r001-stest fworch-ui:  2026-06-16T17:36:40+02:00 Debug - PeriodicTaskRunner (PeriodicTaskRunner.cs in line 70), PeriodicTaskRunner stopped.
2026-06-16T17:39:40.644762+02:00 r001-stest fworch-ui:  2026-06-16T17:39:40+02:00 Audit - Session of "dUSER884" closed (CircuitHandlerService.cs in line 33), Session of user "dUSER884" (last logged in) with DN: "CN=DUSER884,OU=ClientAdmins,DC=r001dom,DC=DE" was closed. ----
2026-06-16T18:36:04.111302+02:00 r001-stest fworch-ui:  2026-06-16T18:36:04+02:00 Debug - Jwt Validation (JwtReader.cs in line 79), Jwt was successfully validated.
2026-06-16T18:36:04.111925+02:00 r001-stest fworch-ui:  2026-06-16T18:36:04+02:00 Debug - importer Role Jwt (JwtReader.cs in line 35), Checking Jwt for admin role.
2026-06-16T18:36:04.112017+02:00 r001-stest fworch-ui:  2026-06-16T18:36:04+02:00 Debug - anonymous Role Jwt (JwtReader.cs in line 35), Checking Jwt for admin role.
2026-06-16T18:36:04.112093+02:00 r001-stest fworch-ui:  2026-06-16T18:36:04+02:00 Info - API Connections (GraphQlApiConnection.cs in line 414), Reconnecting 0 API subscriptions after JWT refresh.
2026-06-16T18:36:04.112676+02:00 r001-stest fworch-ui:  2026-06-16T18:36:04+02:00 Debug - Claims Jwt (JwtReader.cs in line 114), Reading claims from Jwt.
2026-06-16T18:36:04.148255+02:00 r001-stest fworch-ui:  2026-06-16T18:36:04+02:00 Debug - Load Global Config Items (Config.cs in line 111), Config item with key "modUpdateableObjAreas" could not be found. Using default value.
2026-06-16T18:36:04.148509+02:00 r001-stest fworch-ui:  2026-06-16T18:36:04+02:00 Debug - Load Global Config Items (Config.cs in line 111), Config item with key "ownerLdapId" could not be found. Using default value.
2026-06-16T18:36:04.149283+02:00 r001-stest fworch-ui:  2026-06-16T18:36:04+02:00 Debug - Load Global Config Items (Config.cs in line 111), Config item with key "manageOwnerLdapGroups" could not be found. Using default value.
2026-06-16T18:36:04.149389+02:00 r001-stest fworch-ui:  2026-06-16T18:36:04+02:00 Debug - Get User Data (UserConfig.cs in line 106), Get user data from user with DN: "CN=DUSER884,OU=ClientAdmins,DC=r001dom,DC=DE"
2026-06-16T18:36:04.149439+02:00 r001-stest fworch-ui:  2026-06-16T18:36:04+02:00 Debug - API call (GraphQlApiConnection.cs in line 273), Sending API call  in role admin: query getUserByDn($dn: String!) { uiuser(where: {uuid: {_eq: $dn } }) ... with variables: <redacted>
2026-06-16T18:36:04.373221+02:00 r001-stest fworch-ui:  2026-06-16T18:36:04+02:00 Error - API Connections (GraphQlApiConnection.cs in line 284), Error while sending query to GraphQL API. Caught by GraphQL client library. Message: Could not verify JWT: JWTExpired
2026-06-16T18:36:04.373910+02:00 r001-stest fworch-ui:  2026-06-16T18:36:04+02:00 Error - API Connections (GraphQlApiConnection.cs in line 306), Error while sending query to GraphQL API. Query: query getUserByDn($dn: String!) { uiuser(where: {uuid: {_eq: $dn } }) { uiuser_id uuid uiuser_username uiuser_email uiuser_first_name uiuser_last_name uiuser_language uiuser_password_must_be_changed } }, variables: <redacted>  --- Exception thrown:  InvalidOperationException Message:  Could not verify JWT: JWTExpired  Stack Trace:  at FWO.Api.Client.GraphQlApiConnection.SendQueryAsync[QueryResponseType](String query, Object variables, String operationName, QueryChunkingOptions chunkingOptions) in /usr/local/fworch/lib/files/FWO.Api.Client/GraphQlApiConnection.cs:line 288
2026-06-16T18:36:04.374712+02:00 r001-stest fworch-ui:  2026-06-16T18:36:04+02:00 Warning - Login (Login.razor in line 166), Failed to restore session token: Could not verify JWT: JWTExpired
2026-06-16T18:36:17.912920+02:00 r001-stest fworch-ui:  2026-06-16T18:36:17+02:00 Debug - Jwt Validation (JwtReader.cs in line 79), Jwt was successfully validated.
2026-06-16T18:36:17.913166+02:00 r001-stest fworch-ui:  2026-06-16T18:36:17+02:00 Debug - importer Role Jwt (JwtReader.cs in line 35), Checking Jwt for admin role.
2026-06-16T18:36:17.913237+02:00 r001-stest fworch-ui:  2026-06-16T18:36:17+02:00 Debug - anonymous Role Jwt (JwtReader.cs in line 35), Checking Jwt for admin role.
2026-06-16T18:36:17.913282+02:00 r001-stest fworch-ui:  2026-06-16T18:36:17+02:00 Info - API Connections (GraphQlApiConnection.cs in line 414), Reconnecting 0 API subscriptions after JWT refresh.
2026-06-16T18:36:17.913323+02:00 r001-stest fworch-ui:  2026-06-16T18:36:17+02:00 Debug - Claims Jwt (JwtReader.cs in line 114), Reading claims from Jwt.
2026-06-16T18:36:17.970462+02:00 r001-stest fworch-ui:  2026-06-16T18:36:17+02:00 Debug - Load Global Config Items (Config.cs in line 111), Config item with key "modUpdateableObjAreas" could not be found. Using default value.
2026-06-16T18:36:17.970776+02:00 r001-stest fworch-ui:  2026-06-16T18:36:17+02:00 Debug - Load Global Config Items (Config.cs in line 111), Config item with key "ownerLdapId" could not be found. Using default value.
2026-06-16T18:36:17.970918+02:00 r001-stest fworch-ui:  2026-06-16T18:36:17+02:00 Debug - Load Global Config Items (Config.cs in line 111), Config item with key "manageOwnerLdapGroups" could not be found. Using default value.
2026-06-16T18:36:17.971036+02:00 r001-stest fworch-ui:  2026-06-16T18:36:17+02:00 Debug - Get User Data (UserConfig.cs in line 106), Get user data from user with DN: "CN=XUSER884,OU=Benutzer,DC=r001dom,DC=DE"
2026-06-16T18:36:17.971147+02:00 r001-stest fworch-ui:  2026-06-16T18:36:17+02:00 Debug - API call (GraphQlApiConnection.cs in line 273), Sending API call  in role reporter: query getUserByDn($dn: String!) { uiuser(where: {uuid: {_eq: $dn } }) ... with variables: <redacted>
2026-06-16T18:36:17.980277+02:00 r001-stest fworch-ui:  2026-06-16T18:36:17+02:00 Error - API Connections (GraphQlApiConnection.cs in line 284), Error while sending query to GraphQL API. Caught by GraphQL client library. Message: Could not verify JWT: JWTExpired
2026-06-16T18:36:17.980478+02:00 r001-stest fworch-ui:  2026-06-16T18:36:17+02:00 Error - API Connections (GraphQlApiConnection.cs in line 306), Error while sending query to GraphQL API. Query: query getUserByDn($dn: String!) { uiuser(where: {uuid: {_eq: $dn } }) { uiuser_id uuid uiuser_username uiuser_email uiuser_first_name uiuser_last_name uiuser_language uiuser_password_must_be_changed } }, variables: <redacted>  --- Exception thrown:  InvalidOperationException Message:  Could not verify JWT: JWTExpired  Stack Trace:  at FWO.Api.Client.GraphQlApiConnection.SendQueryAsync[QueryResponseType](String query, Object variables, String operationName, QueryChunkingOptions chunkingOptions) in /usr/local/fworch/lib/files/FWO.Api.Client/GraphQlApiConnection.cs:line 288
2026-06-16T18:36:17.980676+02:00 r001-stest fworch-ui:  2026-06-16T18:36:17+02:00 Warning - Login (Login.razor in line 166), Failed to restore session token: Could not verify JWT: JWTExpired

Audit

2026-06-16T10:42:57.397864+02:00 r001stest fworch.middleware-server:  2026-06-16T10:42:57+02:00 Audit - IssueTokenPair (AuthenticationTokenController.cs in line 441), Issued token pair after successful authentication. access_jti=8b9b41b7-fa3a-4730-a287-abb19c7ff382, access_expires=2026-06-16T11:42:57+02:00, refresh_expires=2026-06-17T10:42:57+02:00 by User: xUSER884 (DN: CN=XUSER884,OU=Benutzer,DC=r001dom,DC=DE) ----
2026-06-16T10:42:57.564372+02:00 r001stest fworch-ui:  2026-06-16T10:42:57+02:00 Audit - AuthenticateUser (AuthStateProvider.cs in line 53), User "xUSER884" with DN: "CN=XUSER884,OU=Benutzer,DC=r001dom,DC=DE" successfully authenticated. ----
2026-06-16T11:41:58.435973+02:00 r001stest fworch.middleware-server:  2026-06-16T11:41:58+02:00 Audit - RefreshTokenPair (AuthenticationTokenController.cs in line 441), Refreshed token pair after refresh-token rotation. access_jti=a6a4e9e7-91dc-4ddf-9b29-1f25ae396ac9, access_expires=2026-06-16T12:41:58+02:00, refresh_expires=2026-06-17T11:41:58+02:00 by User: xUSER884 (DN: CN=XUSER884,OU=Benutzer,DC=r001dom,DC=DE) ----
2026-06-16T11:56:15.643584+02:00 r001stest fworch-ui:  2026-06-16T11:56:15+02:00 Audit - Session of "xUSER884" closed (CircuitHandlerService.cs in line 33), Session of user "xUSER884" (last logged in) with DN: "CN=XUSER884,OU=Benutzer,DC=r001dom,DC=DE" was closed. ----
2026-06-16T11:59:15.645440+02:00 r001stest fworch-ui:  2026-06-16T11:59:15+02:00 Audit - Session of "xUSER884" closed (CircuitHandlerService.cs in line 33), Session of user "xUSER884" (last logged in) with DN: "CN=XUSER884,OU=Benutzer,DC=r001dom,DC=DE" was closed. ----
2026-06-16T16:32:50.010758+02:00 r001stest fworch.middleware-server:  2026-06-16T16:32:50+02:00 Audit - RefreshTokenPair (AuthenticationTokenController.cs in line 441), Refreshed token pair after refresh-token rotation. access_jti=328cd508-b749-4e85-a872-4f243580359b, access_expires=2026-06-16T17:32:49+02:00, refresh_expires=2026-06-17T16:32:49+02:00 by User: xUSER884 (DN: CN=XUSER884,OU=Benutzer,DC=r001dom,DC=DE) ----
2026-06-16T16:33:40.248171+02:00 r001stest fworch.middleware-server:  2026-06-16T16:33:40+02:00 Audit - IssueTokenPair (AuthenticationTokenController.cs in line 441), Issued token pair after successful authentication. access_jti=e303cd01-a299-4830-ae74-89985be134e3, access_expires=2026-06-16T17:33:40+02:00, refresh_expires=2026-06-17T16:33:40+02:00 by User: dUSER884 (DN: CN=DUSER884,OU=ClientAdmins,DC=r001dom,DC=DE) ----
2026-06-16T16:33:40.355988+02:00 r001stest fworch-ui:  2026-06-16T16:33:40+02:00 Audit - AuthenticateUser (AuthStateProvider.cs in line 53), User "dUSER884" with DN: "CN=DUSER884,OU=ClientAdmins,DC=r001dom,DC=DE" successfully authenticated. ----
2026-06-16T17:31:51.182214+02:00 r001stest fworch.middleware-server:  2026-06-16T17:31:51+02:00 Audit - RefreshTokenPair (AuthenticationTokenController.cs in line 441), Refreshed token pair after refresh-token rotation. access_jti=72016462-8ca0-4ec9-841e-5694f97afa63, access_expires=2026-06-16T18:31:51+02:00, refresh_expires=2026-06-17T17:31:51+02:00 by User: xUSER884 (DN: CN=XUSER884,OU=Benutzer,DC=r001dom,DC=DE) ----
2026-06-16T17:32:41.023546+02:00 r001stest fworch.middleware-server:  2026-06-16T17:32:41+02:00 Audit - RefreshTokenPair (AuthenticationTokenController.cs in line 441), Refreshed token pair after refresh-token rotation. access_jti=26c8a692-b00e-40fe-a934-4a141c62fcb2, access_expires=2026-06-16T18:32:41+02:00, refresh_expires=2026-06-17T17:32:41+02:00 by User: dUSER884 (DN: CN=DUSER884,OU=ClientAdmins,DC=r001dom,DC=DE) ----
2026-06-16T17:33:26.643756+02:00 r001stest fworch-ui:  2026-06-16T17:33:26+02:00 Audit - Session of "xUSER884" closed (CircuitHandlerService.cs in line 33), Session of user "xUSER884" (last logged in) with DN: "CN=XUSER884,OU=Benutzer,DC=r001dom,DC=DE" was closed. ----
2026-06-16T17:36:26.645831+02:00 r001stest fworch-ui:  2026-06-16T17:36:26+02:00 Audit - Session of "xUSER884" closed (CircuitHandlerService.cs in line 33), Session of user "xUSER884" (last logged in) with DN: "CN=XUSER884,OU=Benutzer,DC=r001dom,DC=DE" was closed. ----
2026-06-16T17:36:40.644689+02:00 r001stest fworch-ui:  2026-06-16T17:36:40+02:00 Audit - Session of "dUSER884" closed (CircuitHandlerService.cs in line 33), Session of user "dUSER884" (last logged in) with DN: "CN=DUSER884,OU=ClientAdmins,DC=r001dom,DC=DE" was closed. ----
2026-06-16T17:39:40.644762+02:00 r001stest fworch-ui:  2026-06-16T17:39:40+02:00 Audit - Session of "dUSER884" closed (CircuitHandlerService.cs in line 33), Session of user "dUSER884" (last logged in) with DN: "CN=DUSER884,OU=ClientAdmins,DC=r001dom,DC=DE" was closed. ----
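
As an added example (not part of the original issue or the project's code): a Python script that reads the IssueTokenPair/RefreshTokenPair audit lines and reports the periods in which a user held no unexpired access token, so they can be compared with the JWTExpired timestamps in the UI log. The sample lines are abridged from the audit log above, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Audit lines abridged from the issue's log: "..." marks text cut for brevity.
AUDIT = """\
2026-06-16T10:42:57.397864+02:00 ... Audit - IssueTokenPair ... access_expires=2026-06-16T11:42:57+02:00, ... by User: xUSER884
2026-06-16T11:41:58.435973+02:00 ... Audit - RefreshTokenPair ... access_expires=2026-06-16T12:41:58+02:00, ... by User: xUSER884
2026-06-16T16:32:50.010758+02:00 ... Audit - RefreshTokenPair ... access_expires=2026-06-16T17:32:49+02:00, ... by User: xUSER884
2026-06-16T16:33:40.248171+02:00 ... Audit - IssueTokenPair ... access_expires=2026-06-16T17:33:40+02:00, ... by User: dUSER884
2026-06-16T17:31:51.182214+02:00 ... Audit - RefreshTokenPair ... access_expires=2026-06-16T18:31:51+02:00, ... by User: xUSER884
2026-06-16T17:32:41.023546+02:00 ... Audit - RefreshTokenPair ... access_expires=2026-06-16T18:32:41+02:00, ... by User: dUSER884
""".splitlines()

TOKEN_EVENT = re.compile(
    r"^(?P<ts>\S+) .*?(?:Issue|Refresh)TokenPair .*?"
    r"access_expires=(?P<exp>[^,\s]+).*?by User: (?P<user>\S+)")

def token_windows(lines):
    """Per user, the (issued_at, access_expires) window of every token pair."""
    windows = {}
    for line in lines:
        m = TOKEN_EVENT.search(line)
        if m:
            span = (datetime.fromisoformat(m["ts"]), datetime.fromisoformat(m["exp"]))
            windows.setdefault(m["user"], []).append(span)
    return {user: sorted(spans) for user, spans in windows.items()}

def lapses(lines):
    """(user, expired_at, next_token_at or None) where no access token was valid."""
    found = []
    for user, spans in token_windows(lines).items():
        for i, (_, expires) in enumerate(spans):
            nxt = spans[i + 1][0] if i + 1 < len(spans) else None
            if nxt is None or nxt > expires:
                found.append((user, expires, nxt))
    return found

def lapsed_at(lines, when):
    """Users holding no valid access token at `when`, e.g. a JWTExpired timestamp."""
    return sorted(u for u, exp, nxt in lapses(lines)
                  if exp <= when and (nxt is None or when < nxt))

if __name__ == "__main__":
    for user, exp, nxt in lapses(AUDIT):
        print(user, "lapsed", exp.isoformat(), "->", nxt.isoformat() if nxt else "no later refresh in log")
    print(lapsed_at(AUDIT, datetime.fromisoformat("2026-06-16T18:36:04+02:00")))
```

The regular expression also matches the unabridged audit lines, so the full middleware-server log can be passed to `lapses()` line by line.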
