@kiwi2101 opened this Issue on February 4th 2020

In a Matomo 3.13.1 when I'm calling a Page Overlay I always get kicked out of the current session with message "Error: Your session has expired due to inactivity. Please log in to continue."
I can't find any reason for this behavior. Any help would be appreciated!

@tsteur commented on February 4th 2020 Member

You may get logged out if you don't select "remember me" on log in and if you're not active for 30 minutes. For how long are you on the overlay page usually when this happens?

@kiwi2101 commented on February 5th 2020

I did select "remember me" on login. I'm getting kicked out as soon as I call the overlay page.

@tsteur commented on February 6th 2020 Member

I've tried to reproduce this on a few Matomo installations but always works for me. Do you know if there is any custom login plugin active, or anything else custom maybe? Eg do you log in regularly through the regular log in screen or maybe use a feature we have called logme or something?

@tsteur commented on February 6th 2020 Member

Also... wondering... do you maybe have eg on the page you are opening the overlay for maybe disableCookies active or so?

@kiwi2101 commented on February 7th 2020

Matomo is a pretty standard installation but quite a lot of pages getting tracked there (15 in total). No special login or disableCookies on the target pages. I wondered if there is any Header data which interferes but removing them didn't help.
Strange thing was, that I could call the staging-System. No difference there but the staging domain is the same where matomo is running.
So I double checked the output in Chrome and got following warning:

"A cookie associated with a cross-site resource at was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and ."

By the way I can see the iframe content with the called page but the main frame shows the session timeout error message. I also tried the option overlay_disable_framed_mode but looks like the same thing happens, the page is called without any bubbles.

@tsteur commented on February 9th 2020 Member

Is your site or Matomo running on http://?

Any chance you could maybe create a login for us so we could reproduce it there and do some investigation? I suppose a user with view access be enough. If so, feel free to send us details to hello at matomo dot org.

Otherwise be good to know if your site is running http or https

@pyuyu commented on February 11th 2020

I also encountered the same problem

@BigIron5 commented on February 13th 2020

Same problem here.

@mattab commented on February 13th 2020 Member

@tsteur the issue can also be reproduced in our instance, it looks like this on loading Overlay:
Screenshot from 2020-02-14 10-56-57

and then the session is logged out.

@BigIron5 commented on February 13th 2020

Yep, seeing the same thing here in both Chrome and Firefox.

@tsteur commented on February 13th 2020 Member

It seems to depend on the site. For matomo.org it cannot be reproduced while it can be reproduced for innocraft.com

@tsteur commented on February 19th 2020 Member

I tested and https://github.com/matomo-org/matomo/pull/15561 fixes it for me.

This Issue was closed on February 20th 2020
Powered by GitHub Issue Mirror