Users being kicked out of session unexpectedly

georgechen
Kilo Guru

Hi folks,

Just wondering if anyone ever experienced logging out from an active session unexpectedly in ServiceNow,     I have received a few clients who have occasionally been kicked out from session within glide.ui.session_timeout time frame (240 minutes)

One user has been logged out within 10 minutes unexpectedly, and another had the same issue within an hour.     This issue trends to occur more frequently on Internet Explorer v11 although this also occurs to other browsers.     Most of the times, the sessions are reliable but it does happen from time to time.

The users reporting this issue are in the same network as I am, despite it happens to me very rarely in Firefox / Chrome.

Referring to https://community.servicenow.com/thread/162754 it reads, "It seems now that this was caused by the property "glide.ui.rotate_sessions" that was set to TRUE as part of the High Security Plugin. We changed this to false last week and have not heard this issue reported since then."

I am not sure what ripple affects this might imply if disabled, but would like to get your advice on how to troubleshoot this issue.

Any advice would be appreciated.

Thanks,

5 REPLIES 5

tony_barratt
ServiceNow Employee
ServiceNow Employee

Hi George,



You might get more insight into the issue if you turn on SAML debugging and check script logs and or deploy fiddler or similar in your browser.


As the issue is intermittent you might need some luck as well.



Best Regards



Tony


Hi Tony



Thanks for your advice, I have got the SAML plug-in in my Firefox and Chrome, and are learning how to use it to check the logs.   I hope I can leverage this extension.



Kind regards,


George


Hi George,



There is some guidance on setting glide.ui.rotate_sessions here which is relevant to your post.



High Security Settings properties



glide.ui.rotate_sessionsRotate HTTP session identifiers to reduce security vulnerabilities. See:http://www.owasp.org/index.php/Session_Management#Rotate_Session_Identifiers.

Default: Yes


If you are using the SAML 2.0 plugin for Single Sign-on authentication, set this feature to false. Otherwise, it interferes with the session information sharing that takes place between the instance and the Identity Provider.


Best Regards



Tony


Thanks Tony, I will probably need to digging into this article for further learning about what this properties would affect the sessions.



Your advice is much appreciated.



Kind regards,


George