When viewing the page overlay, on some sites, the sidebar may fail to authenticate and shows the following message:

Error: Your session has expired due to inactivity

When this happens the AJAX call to the renderSidebar controller method is sent with a different session cookie than all the other requests which causes the API request to fail as the session is not authenticated.

See L3-197

Expected Behavior

The page overlay sidebar should consistently use the currently logged in session and not show an error.

Current Behavior

The page overlay sidebar intermittently fails to use the current session and loads with an error.

Possible Solution

If a Javascript breakpoint is added to Piwik_Overlay.js at line 33 (the beginning of the loadSidebar() method) and execution is immediately continued when that breakpoint is hit, then loadSidebar() sends the correct cookie and the error does not occur. As soon as the breakpoint is removed the session expired error returns on the next reload.

It appears to be some sort of race condition where loadSidebar() somehow executes before the session cookie is available and the small delay introduced by the breakpoint prevents this happening.

Adding a small delay to the loadSidebar() call might fix this, but to confirm the fix this issue would need to be recreated in development environment first.

Steps to Reproduce (for Bugs)

This is hard to recreate and has only been seen on one site so far.

1. Go to Behaviour > Pages
2. Choose a page url and click the 'Open Page Overlay' row action
3. In the new tab that opens the sidebar will display the 'session has expired' error

Context

This prevents usage of the page overlay feature for affected sites.

Your Environment

• Matomo Version: 4.6.2
• Matomo cloud
• Browser: Firefox, Chromium
• Operating System: Linux, MacOs