This link you followed as expired

[srhpolansky]

Describe the bug After I enable the plugin, I often run into an issue where I'll click to edit a post or disable/enable a plugin and I'll get redirected to a page that says "This link you followed has expired". After hitting "Try again", I just run into this endless loop. If I open the site in incognito mode, I can usually get far enough to disable the plugin, make the changes I need to, and then enable it again. Let me know your thoughts, I'm happy to provide any logs.

To Reproduce Steps to reproduce the behavior:

1. Go to Plugins
2. Click on Deactivate on any plugin
3. See error

If I open the window in Incognito mode, I can disable the OpenID Connect plugin (without receiving an error) to make the changes I need to.

Screenshots If applicable, add screenshots to help explain your problem.

Expected behavior A clear and concise description of what you expected to happen.

Isolating the problem (mark completed items with an [x]):

• [x] I have deactivated other plugins and confirmed this bug occurs when only this plugin is active.
• [ ] This bug happens with a default WordPress theme active.

No this is a basic theme from https://underscores.me/

• [x] I can reproduce this bug consistently using the steps above.

WordPress Environment

• Website URL:
• PHP Version: 7.3.22
• WordPress Version: 5.5.1
• Plugin Version: 3.8.0
• Identity Provider: Microsoft
• Relevant Plugin Settings: Enable Refresh Token, Link Existing Users, Create user if does not exist, Redirect to the login screen when session is expired, Enforce Privacy, Alternate Redirect URI all checked. --

[timnolte]

@srhpolansky this sounds like possibly a bug. I've updated your issue description with more items to be filled out to further debug the issue. Can you please fill that out by editing the description? Thanks!

[srhpolansky]

@timnolte Updated the ticket with the info you asked for. I left the site blank since it is a company site and I'm hesitant to post the link on a public thread. If you need it, perhaps I can directly message it to you. Let me know if you need anything else. Thanks!

[timnolte]

@srhpolansky have you confirmed that the link expired issue only occurs when this plugin is active, and I mean does the issue go away if you disable this plugin? Also can you confirm what your max_execution_time time is set to on your server. When this error occurs it is usually related a failure to verify the nonce when submitting a form. Another possibility is to check and see if disabling the Refresh Token makes a difference.

Can you confirm if you are using version 1 or 2 of the Azure AD endpoints?

[srhpolansky]

1. Can confirm the issue goes away when the plugin is disabled.
2. Where would I find the max_execution_time?
3. Disabling the Refresh Token does not make a difference.
4. Azure Endpoints version 2.0

[timnolte]

@srhpolansky I'm looking into this some more. After some additional review I'm thinking this may be caused by a combination of the Refresh Token option, as well as the "Redirect to the login screen when session is expired" option. The session expired option is tracking if the access token has expired. I believe the access token expiration may be forcing the WordPress session to be terminated. I'm doing some more digging into this.

[timnolte]

Noting that this may be related to an older open item, #178 , where the access token is not being updated during the token refresh. If that is the case when the token refresh occurs the access token expiration is not being extended.

[srhpolansky]

Thank you for the update! Let me know if there is anything I can do on my end!

[timnolte]

@srhpolansky can you confirm if turning off the option to send users to the login page when the session expires fixes your issue? I'm testing this as well.

[srhpolansky]

Can confirm that turning off the option to "Redirect to the login screen when session is expired" does not fix the issue

[eriksays]

@timnolte -- wanted to follow up on this ticket. Will this be part of the next release?

[timnolte]

@eriksays I need to get back to my testing and analysis on this issue. Been sidetracked by other work and haven't had a chance to complete my work on this. I'm hoping to release another version with fixes before adding any new features.

[craigmazer]

@timnolte Any update on the issue with Azure causing frequent WordPress logouts? It's having a real negative impact on my team. You can reach me at [email protected] if that's easier. We would love to get this resolved. Thanks in advance!

[craigmazer]

@timnolte Is there a better way to reach you to discuss this situation? If you're not the right person, do you know who is? Thank you!

[timnolte]

@craigmazer no, this is the best way get support. There is no paid support and I'm doing all of this in my limited free time along with all of my other family and personal demands on my time. I've additionally had to devote some time elsewhere. We do use this plugin on many client sites at my day job and don't have this issue which is why I am also unable to devote work/paid time to this. To be clear, it's not that content editors are never logged out, we have had those reports but it is expected that it is due to the Azure AD session limits imposed by the clients configuration and not the site directly, and it hasn't been reported as an issue in a long time. The plugin is installed on like 25 different client sites.

Do you have any sort of catching setup on your site? This would include a caching plugin, Cloudflare, and even an object cache such as Memcache/Redis? What IDP are you using and how is it configured? I have a handful of test environments setup with some of the common IDPs such as Azure AD/Amazon Cognito/Keycloak, though I no longer have access to Google Workspace. The more details you can provide to what all you are using on your site would be helpful.