0

I have configured my Vaadin23 application with stateless authentication model and Keycloak SSO. I use JWT token with Cookie in order to restore the user session on application redeploy. At first glance everything is working fine. But, from time to time, users claim that they are moving to the home page after some time of using the website when they click something on the page. There are no issues at the log. I suspect that this issue maybe related to JWT token or HTTP session expiration. By default, my JWT token lives 1800 secs (30 mins). Also, I have the following properties for my Spring Boot application:

server.servlet.session.timeout=1d
spring.session.timeout=1d
server.servlet.session.tracking-modes = cookie
server.servlet.session.cookie.http-only=true
server.servlet.session.cookie.secure=true

vaadin.heartbeatInterval=300
vaadin.pushLongPollingSuspendTimeout=60000
vaadin.maxMessageSuspendTimeout=7000
vaadin.websocket.idle.timeout=45000
vaadin.compatibilityMode = false

Right now, I have no idea where to dig in order to catch and fix this issue. So, I'll appreciate any help in order to solve this. Please advise, where I should dig in order to shed light on this issue.

cfrick
  • 35,203
  • 6
  • 56
  • 68
alexanoid
  • 24,051
  • 54
  • 210
  • 410
  • At best you can move the scenegraph over to the next instance via shared session state. But even then I doubt you can conjure up some 100% uptime. – cfrick Nov 04 '22 at 22:22
  • I agree. But with JWT approach I may at least emulate stateless scenario. I keep `userId` in JWT and thus may restore the UI/session from scratch on the next instance. It may be more optimal in case I'll combine this with sticky sessions. At the very least, this will keep the user's session alive after the new version of the application is deployed to the server. – alexanoid Nov 05 '22 at 03:36
  • Did you find the issue @alexanoid? – David Hofmann Dec 04 '22 at 20:31
  • Unfortunately no, so I rejected the idea with JWT – alexanoid Dec 05 '22 at 09:21

0 Answers0