FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Doubling of login records

    Scheduled Pinned Locked Moved
    General Discussion
    2
    21
    5.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sergey_smirnov @mark.robustelli
      last edited by

      @mark-robustelli
      Sometimes user sees this:

      e964a7be-6e0c-4ea2-aba0-82adf7f37b26-image.png

      mark.robustelliM 1 Reply Last reply Reply Quote 0
      • mark.robustelliM
        mark.robustelli @sergey_smirnov
        last edited by

        @sergey_smirnov OK, I did some investigating and here is what I have found.

        1. SSO, I saw a reference to a post that mentions using SSO will create multiple session records (but shouldn't necessarily cause multiple login events). Are you using SSO?
        1. Are you using any Lambda's? In some versions (notably 1.31.0), a bug caused the OIDC reconcile lambda to be called twice during certain identity provider logins, which could result in duplicate processing and potentially duplicate events. This was patched in version 1.32.1.

        2. Are you using any Webhooks?

        3. Are you using an external IdP?

        These are just a couple of things to consider.

        S 1 Reply Last reply Reply Quote 0
        • S
          sergey_smirnov @mark.robustelli
          last edited by

          @mark-robustelli

          1. No
          2. No, the FA version is 1.55.1
          3. Yes, we use webhooks to sync user info (like email change) between FA and our application
          4. No, for our application FA is the only IdP, however we use migration mechanism to add new users to the FA DB from application
          mark.robustelliM 1 Reply Last reply Reply Quote 0
          • mark.robustelliM
            mark.robustelli @sergey_smirnov
            last edited by

            @sergey_smirnov OK. It doesn't seem like the webhook you are using would cause the duplicate logins. I came across this post stating that exchanging a refresh token counts as a login event. I'm wondering if something like the user logins in using a new tab, then goes back to the old tab that triggers a refresh. If that is the case, that could account for the delay between logins and the "Something doesn't seem right" message as that session is no longer valid because of the new login. You might be able to verify this by using a webhook. There is a JWT.Refresh event that you might be able to log somewhere to see if it fires around the time of the duplicate log ins.

            S 1 Reply Last reply Reply Quote 0
            • S
              sergey_smirnov @mark.robustelli
              last edited by

              @mark-robustelli
              No events. Also JWT duration is set to default 3600 (1 hour) for our application/tenant and as I see the option affects the timeout inside the corresponding claim only. As we don't use JWT we ignore it. Additional info; JWT Refresh Duration = 43200, OAuth session timeout = 3600.

              We see a lot of fusionauth cookies and hidden form fields which are updated during authentication process. How can we reset the login page (smth similar to incognito mode)? Maybe some parameters on logout?

              mark.robustelliM 1 Reply Last reply Reply Quote 0
              • mark.robustelliM
                mark.robustelli @sergey_smirnov
                last edited by

                @sergey_smirnov If you are not using the JWT, can you disable it in the AdminUI?

                S 1 Reply Last reply Reply Quote 0
                • S
                  sergey_smirnov @mark.robustelli
                  last edited by

                  @mark-robustelli
                  It is disabled on application level but I don't see any such option for tenant.
                  How to disable it for tenant ?

                  mark.robustelliM 1 Reply Last reply Reply Quote 0
                  • mark.robustelliM
                    mark.robustelli @sergey_smirnov
                    last edited by

                    @sergey_smirnov I was referring to the application level. Try to disable it there and see if you are still getting the double login.

                    S 1 Reply Last reply Reply Quote 0
                    • S
                      sergey_smirnov @mark.robustelli
                      last edited by

                      @mark-robustelli
                      It was already disabled on application level.

                      mark.robustelliM 1 Reply Last reply Reply Quote 0
                      • mark.robustelliM
                        mark.robustelli @sergey_smirnov
                        last edited by

                        @sergey_smirnov hmmm..Ok can we verify this is 100% not user action? Can you add some logging to your application so we can see what a user is clicking or starting a new session? Then we can compare with the logs in FusionAuth.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post