openid-connect-generic icon indicating copy to clipboard operation
openid-connect-generic copied to clipboard

Published 20 hours ago verified publisher icon oidc-wp

Popups appear 4 minutes after visiting a page

Open aeonoea opened this issue 1 year ago • 4 comments

Describe the bug Hi, I managed to link this plugin to our SSO server from Synology and log in works great. There is only one bug that prevents me from using it at the moment. After successful login, when in the admin backend on any page there is some kind of timeout active, at exactly 240 seconds after opening a page. The popup is just a miniature version of the dashboard at first and can be closed. But after another 4 minutes there is another popup stacked on to it, and another... and at some point when trying to close them I am redirected to the log in page, where I can click on Login via OpenID and I am immediately logged in again.

Is there some kind of timeout setting that I missed? The only one I can find seems to be related to the communication between sso server and plugin and it's set at 180 seconds, so that can't be it.

To Reproduce Steps to reproduce the behavior:

  1. Log in via OpenID
  2. Browse and do stuff
  3. When idle for 240 seconds popup appears (see screenshot)
  4. Close popup or be redirected to login screen

Screenshots Screenshot 2024-10-07 at 18 33 15 Screenshot 2024-10-07 at 22 54 37

WordPress Environment

  • PHP Version: 8.2.15
  • WordPress Version: 6.6.2
  • Plugin Version: latest
  • Identity Provider: Synology SSO
  • Relevant Plugin Settings: mostly default

aeonoea avatar Oct 07 '24 16:10 aeonoea

This is a timeout issue due to a current bug in the code that is improperly using the token refresh interval as the session expiration. There is a hook you can use to change this length to temporarily address it until we push out a fix.

Use the auth_cookie_expiration filter to change the session expiration.

timnolte avatar Oct 07 '24 22:10 timnolte

Thanks for this! Although no change in behaviour can be observed unfortunately. I put this at the end of functions.php in the theme editor. Does it seem right? It's my first time doing a hook with the help of gpt...

add_filter( 'auth_cookie_expiration', function() { return 86400; // Adjust the session length in seconds (86400 = 24 hours) });

aeonoea avatar Oct 08 '24 08:10 aeonoea

Also what I observed is that it's not possible to log out anymore. When confirming logout, the next screen shows me logged in still, and again and again. I am logged in as admin and should have all rights. When deactivating the theme everything works as expected again. Is that a seperate issue or related to the timeout?

aeonoea avatar Oct 08 '24 08:10 aeonoea

Also what I observed is that it's not possible to log out anymore. When confirming logout, the next screen shows me logged in still, and again and again. I am logged in as admin and should have all rights. When deactivating the theme everything works as expected again. Is that a seperate issue or related to the timeout?

I have exactly the same issue with WooCommerce 9.4.3, previously it worked flawlessly.

brnbs avatar Dec 14 '24 10:12 brnbs

Also what I observed is that it's not possible to log out anymore. When confirming logout, the next screen shows me logged in still, and again and again. I am logged in as admin and should have all rights. When deactivating the theme everything works as expected again. Is that a seperate issue or related to the timeout?

I have exactly the same issue with WooCommerce 9.4.3, previously it worked flawlessly.

Check the readme or update somewhere here, the plugin was moved to a different repository. Mew version fixed this issue in my case for the most part.

aeonoea avatar Dec 14 '24 11:12 aeonoea