[47854] - Session Destroyed automatically . #8695
Conversation
….js; enhance Session.vue to utilize session state updates and warnings. This includes adding BroadcastChannel support for session events, localStorage management for session state, and integrating session renewal logic in the Session component.
…bootstrap.js; update Session.vue to handle session expiration and logout functionality with improved button interactions. Modify session.js to ensure proper handling of timeout warning seconds.
|
QA server K8S was successfully deployed https://ci-4956f1abde.engk8s.processmaker.net |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
|
QA server K8S was successfully deployed https://ci-4956f1abde.engk8s.processmaker.net |
|
QA server K8S was successfully deployed https://ci-4956f1abde.engk8s.processmaker.net |
…ion event handling; improving performance and user experience during session management.
…rap.js and Session.vue; update broadcast logic to synchronize logout state across tabs, improving user experience during session termination.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
|
QA server K8S was successfully deployed https://ci-4956f1abde.engk8s.processmaker.net |
|
QA server K8S was successfully deployed https://ci-4956f1abde.engk8s.processmaker.net |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
|
QA server K8S was successfully deployed https://ci-4956f1abde.engk8s.processmaker.net |
…ionality in sessionSync.js
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 3 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| return; | ||
| } | ||
| this.disabled = false; | ||
| this.setRenewingState(false); |
There was a problem hiding this comment.
Unsafe error property access causes crash
High Severity
The keepAlive error handler accesses error.response.data.errors without null checking, which throws a TypeError for network errors, timeouts, or server errors that lack the expected structure. This crashes the error handler and prevents proper error recovery when session renewal fails.
| // Only the leader drives the worker countdown. | ||
| refreshSessionStateFromStorage(); | ||
| startTimeoutWorker(sessionState.timeout); | ||
| } |
There was a problem hiding this comment.
Double worker start on visibility change leadership
Low Severity
When a hidden tab becomes visible and claims leadership, the timeout worker receives two "start" messages within milliseconds. The updateLeadership call at line 481 triggers ensureWorkerRunning which starts the worker, then line 488 immediately starts it again, causing the second start to override the first with slightly different timing calculations.
Additional Locations (1)
| workerStarted = false; | ||
| closeSessionModal(); | ||
| } | ||
| } |
There was a problem hiding this comment.
Worker restart blocked when modal unavailable
Medium Severity
When a tab loses leadership, the workerStarted flag reset at line 467 only happens if closeSessionModal exists. In layouts without the session modal, the flag remains true, preventing the timeout worker from restarting when the tab regains leadership. This breaks session timeout functionality when switching between tabs.
|
QA server K8S was successfully deployed https://ci-4956f1abde.engk8s.processmaker.net |
|
Issue & Reproduction Steps
The session loss warning when you have multiple tabs does not correctly control the time of each one; the time should be global and synchronized for all of them.
Solution
How to Test
Log in to the ProcessMaker platform.
Open multiple browser tabs, such as:
Editing a screen
Editing a script
Editing a process modeler
Viewing a request page
Work on one of the open screens while leaving the other tabs idle.
After 5–10 minutes, the session automatically expires some time take more than.
When you try to submit changes, an "Unauthorized" message appears, along with a "Stay Connected" prompt.
If you do not click "Stay Connected" or miss the prompt, you are automatically logged out.
As a result, any unsaved changes in screens, scripts, or process models are lost.
Related Tickets & Packages
Code Review Checklist
ci:deploy
Note
Introduces a centralized session synchronization mechanism to keep session timeout, warnings, and renewals consistent across browser tabs.
common/sessionSync.jswith BroadcastChannel/localStorage-based state, leader election, and a single timeout Web Worker driving cross-tab warnings/expirybootstrap.jsandnext/config/session.jsto initializeinitSessionSync, exposingAccountTimeout*globals andsessionSynchelpers instead of manual worker wiringSession.vueto show a renewing spinner state, disable actions during keep-alive, handle 401/419, and broadcastrenewing/renewed/expired/logoutevents to other tabs; only leader restarts the workerapp-layout.js,next/layout/navbar.js, Blade) withsessionIsRenewingand passes:is-renewingto the session modal; closing the modal resets renewing stateWritten by Cursor Bugbot for commit 81cb879. This will update automatically on new commits. Configure here.