Solved: QS 2019 how to kill sessions - Qlik Community

akeswani · ‎2020-11-23

Hi,

I have a web portal (in Angular) where I am opening QS hub in a hidden iframe so the user gets authenticated that way (not the perfect way). this page has a link that when clicked, opens another page that displays list of Qlik apps user has access to. I am calling engine APIs to get list of apps etc. i recently upgraded to June 2019 version of QS.

On and off, some of the users are having issues where session count is going above 5. i can see the errors in repository logs. I can also see the error in chrome console saying QS 400 error, as the hub cannot open in iframe. Also, we asked users to use Chrome all the time, but after this error, they switched to firefox and it works there for some reason !! why it works when it's above 5 sessions?

Session inactivity timeout : 30 mts, and using SAML auth. (ExcelUDC)

what is the solution for this ? how can i kill those sessions ? or should i go for an actual authentication method instead of opening QS in iframe like this? I do not know how/which authentication api to use with engine APIs.

please advise.

thanks.

akeswani · ‎2020-11-25

Found the solution.

https://community.qlik.com/t5/Support-Knowledge-Base/Missing-SameSite-attribute-blocks-requests-in-C...

Since the QS was opening in iframe and domain is different than my website, some cross domain issues were in chrome console. i upgraded to june 2019 patch 10, and it has solution for samesite=None fix.

View solution in original post

akeswani · ‎2020-11-24

Can somebody please help ? is there any way I can temporarily kill the user sessions ? i restarted all the Qlik services but no change. Below is screen when display the iframe, the hub connection is not there.

the session count immediately jumps to 5 somehow, i can see that in repository log : OperationType: 'UsageDenied'

i have searched all the posts on this, and watched the videos but there is no solution i could find. can i somehow kill all those sessions ? and every one hour i see that the sessions are deleted, in the same log file:

Professional access usages. User: '' OperationType: 'Timedout', UsageID: '0a18565f-a96b-47f8-8211-20164bf1253f', SessionID: '89f9541c-e9e1-4435-a925-bb9ce7e1a7e9' deleted by 'INTERNAL\bootstrap'

.. lot of entries like this every hour , doesn't it mean that sessions are deleted ? then why I am not able to connect to hub using that web app ?

i can directly go to hub though. but users are using the app through website where they can chat also.

please throw some ideas ..... or if anyone has any code for authentication, please share.

thanks

akeswani · ‎2020-11-24

i upgraded to June 2019 Patch 6 (from Patch 2), as that has one issue resolved related to this. but still the same problem("Handle "invalid cookie bursts" in the Qlik Sense Proxy (QPS) Service").

i restarted the services and the server, no change !!! anything i can do to at least kill those sessions temporarily?

akeswani · ‎2020-11-24

ok, i tested the same thing in a sandbox environment, which i haven't touched in months, it has QS Sept 2019 version installed.

i get the same error in repo logs: session count goes from 1 to 5 all of a sudden. First it says UsageGranted and then UsageDenied. I am the root admin.

is it a chrome browser issue then ? we are on version 86. any ideas ?

Øystein_Kolsrud · ‎2020-11-25

The "invalid cookie burst" fix was a fix to take into account a scenario where a users was doing multiple concurrent requests using an expired session cookie.

Qlik Sense has a limit on the rate at which new sessions can be created (no more than 5 within 6 minutes I believe). Could it be that your mashup is sometimes making multiple concurrent unauthenticated requests? In that case, all requests will be redirected to the authentication module and consume individual sessions.

You can typically identify if it is this type of behavior you are running into by looking at the Proxy Audit logs and search for bursts of messages of the following type:

Authentication required, redirecting client@<url> to <url>

akeswani · ‎2020-11-25

Thanks for replying Yko.

I tried once today going to my web portal, and the QS hub in iframe gave 400 error. Went to see the proxy audit security file, and saw this 5 times in a row:

User authenticated. User 'EXCELUDC\akeswan1' used authentication method 'saml' and got session...

Access to app '__hub' allowed with access type 'ProfessionalAccessType', result code 'Ok' ....

And in the Repository log file, SessionCount goes from 1 to 5.

Do you know if there is any way i can release those sessions ? this is really urgent as it's happening in all environments. Even in sandbox environment which i haven't used in months.

akeswani · ‎2020-11-25

Found the solution.

https://community.qlik.com/t5/Support-Knowledge-Base/Missing-SameSite-attribute-blocks-requests-in-C...

Since the QS was opening in iframe and domain is different than my website, some cross domain issues were in chrome console. i upgraded to june 2019 patch 10, and it has solution for samesite=None fix.