User session not expiring | Foundry VTT | Page 1

lusty wave Feb 26, 2023, 1:52 PM

#

Hi there.
My game has one particular user whose session never expires, meaning that he can't log back in after logging out. It's a very consistent issue for him - other people can log out and back in just fine.
His Browser (tested with latest Firefox and Chrome) does not show any errors. The issue appears regardless of whether he closes the tab or uses the logout button.
The server shows this:

#

Looking at the code, the error is not surprising. With world s and user e (formatted for readability):

expire(s, e) {
    const t = this.get(s, e);
    global.logger.info(`Expiring client session ${t.id}`), this.sessions.delete(t.id), e.clearCookie("session")
}
get(s, e) {
    const t = s.headers.cookie ? cookie.parse(s.headers.cookie) : null;
    if (!t || !t.session) return null;
    const i = this.sessions.get(t.session);
    if (!i) return null;
    return Date.now() > i.expires ? (this.expire(s, e), null) : i
}

That's an infinite loop, so I'm surprised that it works for everyone else.

#

This is on Foundry 10.291 with SWADE 2.1.7. The server is running with Node.js on a dedicated Debian machine.

patent plaza Feb 26, 2023, 2:00 PM

#

That's not an infinite loop. If the cookie expires, it nulls it out.

There's something else that is at play here. If it was server side code, it would affect everyone.

Any reverse proxy setup on the server?

Any 3rd party security/web extensions on the user?

lusty wave Feb 26, 2023, 2:01 PM

#

Yes, the server is running behind an nginx proxy.
We tried disabling interfering software, e.g. Kaspersky AV. Tested on a clean Chrome install without extensions.

patent plaza Feb 26, 2023, 2:03 PM

#

Is the nginx config the same as here: https://foundryvtt.com/article/nginx/

I personally suspect Kaspersky, just because I know AV's and even when they're disabled, they're not disabled, though I will say I know others who have been on here with Kaspersky and I've not seen this before.

#

I also run nginx on my server, and this isn't an issue, so I have my doubts it's anything to do with that too (again, server side would affect everyone)

lusty wave Feb 26, 2023, 2:08 PM

#

The location settings are identical, the rest isn't because other stuff is running. Nothing particularly unusual though, I'll send you the config privately.

#User session not expiring