Users are logged out too soon
Incident Report for Evidos trust services
Resolved
This incident has been resolved.
Posted May 11, 2021 - 15:45 CEST
Monitoring
We have implemented the change which solves issues with logging out too soon.
You should be able to continue working in the portal and creating transactions in a longer timeframe than 2 minutes without encountering logout issues.

To benefit from this change, you might have to delete your signhost and evidos related cookies, and login again.
Posted May 11, 2021 - 13:51 CEST
Update
The issue works as expected on our staging environment, test have been performed. We are working towards a release with an expected timeframe of about 2 - 3 hours at most.

We keep updating this space as more information comes in.
Posted May 11, 2021 - 12:01 CEST
Update
Review for this change has been done, we are working towards a release for tomorrow if all goes well. We keep updating this space when new information comes in.
Posted May 10, 2021 - 17:03 CEST
Update
We are still working on the fix for this change. We will send an update later today about expected release, and if we will make the expected schedule of two work days as communicated thursday.

The change has our full attention.
Posted May 10, 2021 - 13:02 CEST
Update
A bit of background on this issue. We are using a certain method (silent-refresh) to keep people logged in to our web portal. Major browsers were looking to stop supporting this method last year, but due to Covid-19 this end of support was postponed as focus was understandably elsewhere.

It happened to be that support for this method was pulled a few days ago by major browsers, which results in users being logged out quickly in our platform. We are working hard to switch over our login method to a supported one, which requires some research and work. Our current silent-refresh method did not break or needs to be fixed, but as support was pulled by major browsers we have no other option than to change over quickly. This is not something experienced by just us, but has broader implications for web cloud services.

Because it is possible on our create transaction screen to spend more than two minutes entering data, this problem is hindering daily work. On pages and services where you don't regularly spend more than a few seconds looking up data this issue will probably not even be noticed.

We are now nearing completion of this new login method implementation. We aim for release within 1-2 work days, and are testing the new login to make sure all our services keep working correctly. As this pertains a last minute rewrite of our log in session protocols, we need to keep security and robustness for all our users in mind.

We refer to below workarounds for any urgent transactions so you can keep using our portal, and ask you to bear with us just a bit longer until this is solved in a robust and future-proof manner.
Posted May 06, 2021 - 17:47 CEST
Update
The solution works on the test environment, we are looking to review the solution today to make sure it complies with security and code standards, which enables us to release this on production.

We have two workaround active which might be used for urgent transactions:
- When you create and send the transaction within two minutes (120 seconds) it sends out correctly.
- Have two tabs open with our portal. Create the transaction in tab one. Do not send yet! Refresh our portal in tab two. Your user will be active again. Go back to tab one, and click send. The transaction sends out even after two minutes without issue.

This is of course a temporary situation, we are looking to restore full functionality ASAP.
Posted May 06, 2021 - 14:24 CEST
Update
The technical solution is being built on a test environment. We expect this to be testable soon, so we can roll out further to all our customers.
Please bear with us, we are aware of the urgency of this fix, but as this issue hits secure session management we have to be careful and comprehensive in our solution design.
Posted May 05, 2021 - 16:53 CEST
Update
The root cause of this issue has been found, and has to do with a change in certain Oauth / OpenID functionality around keeping user sessions alive.
We are looking into a quick fix to keep this issue from causing hindrance while using our portal, and hope to give a more definitive fix timeline shortly.
Posted May 05, 2021 - 09:57 CEST
Update
We are continuing to work on a fix for this issue.
Posted May 04, 2021 - 15:32 CEST
Update
We are continuing to work on a fix for this issue.
Posted May 04, 2021 - 10:42 CEST
Update
We are continuing to work on a fix for this issue.
Posted May 03, 2021 - 17:15 CEST
Identified
We have identified an issue in our web portal where users are logged out too soon, which might lead to closing connections or strange behaviour. We are working to restore full user session functionality so sessions do not end abruptly.
Posted May 03, 2021 - 11:26 CEST
This incident affected: Portal.