Logs out of application automatically.

Hemanth_L

Hi Team,
I'm encountering an issue where a non-admin user session logs out automatically after some time, without any visible console errors.
Here's the scenario:

I've created and hosted a custom .exe version of the application.
I'm logged in as an admin in one browser tab.
Simultaneously, I log in as a normal user in another tab (or incognito window).
After a while, the normal user session logs out automatically, while the admin session remains active.

There are no errors in the browser console or server logs indicating why the logout occurs.
Could someone please assist in identifying the cause and suggest a resolution?

Thanks in advance for your support.

gabriel

Automatic logout is a feature, as access tokens expire after a set interval of time. This setting (s. Admin panel -> System -> Max. session time in hours) is however set to multiple days by default. As you have not specified how quickly the logout occurs, I assume it happens much faster than that.

If this is the case, we need to go through multiple possibilities:

Do you use a proxy? If yes, did you check websocket timeouts?
Are you using the same URL for both sessions?
How does the logout "look" - is the user shown the username + password prompt?
Did you switch the system to maintenance mode? Doing so automatically kills all non-admin user sessions.

Hemanth_L

Thank you for your response.

To clarify:

The user gets logged out automatically after just a few minutes, despite the max session time being set to the default (which is multiple days).
Yes, we are using a proxy server, but the WebSocket timeout has already been configured to the maximum allowable value.
We are accessing the same URL for both sessions, though using different browsers.
Upon logout, it doesn't redirect to the username/password prompt — instead, the session seems to be completely cleared out without any standard login prompt being displayed.
The system has not been switched to maintenance mode.

Would appreciate any further insights or suggestions based on this behavior. Thanks in advance.

gabriel

Hemanth_L Upon logout, it doesn't redirect to the username/password prompt — instead, the session seems to be completely cleared out without any standard login prompt being displayed.

What does this mean? Does it not show anything? Maybe you could share a screenshot.

Hemanth_L

gabriel What does this mean? Does it not show anything? Maybe you could share a screenshot.

Hi Gabriel,

Thanks for the follow-up.

Apologies for the confusion earlier. To clarify: when the logout occurs, the application does return to the login page — the user is simply redirected back there and prompted to enter credentials again. There’s no error message or notification displayed, and nothing unusual appears in the console or logs.

Given that we’re using a proxy setup (IIS as a reverse proxy), we’re beginning to suspect this may be related to session persistence or timeout handling in the IIS configuration — potentially affecting how WebSocket connections are being managed, but if you’ve encountered similar behavior before or have any guidance on what to look out for specifically in the proxy settings, we’d appreciate any suggestions.

Thanks again for your continued support.

gabriel

Hemanth_L

If both user sessions (admin & user), use the same URL and presumably go through the same reverse proxy, it would be interesting to learn, why they behave differently.

Unfortunately, I personally have very little experience with IIS. Maybe someone else can step in here. In regards to Websockets (or client tunnels as some proxies call it), it "just" requires the extension (or deactivation) of timeouts.

But before you spend too much time on this, you could verify that this is the common cause by sidestepping the reverse proxy. If the issue only occurs with it, you at least know that you´re working on the right problem.

Hemanth_L

Hi gabriel

Thanks again for the input.

We did some testing based on your suggestion and can confirm that the issue appears to be tied to the proxy configuration. When we run the application locally or via Docker without the IIS reverse proxy in place, both admin and non-admin sessions remain stable and behave as expected — no unexpected logouts occur.

The automatic logout issue only surfaces when the application is hosted behind IIS. So it does seem to be related to how IIS is handling session persistence or WebSocket timeouts, as you mentioned.

We’ll now focus our efforts on reviewing and adjusting the IIS configuration. If anyone in the community has experience with similar setups or recommended IIS settings to avoid such session drops, that guidance would be very welcome.