VaadinSession PWA Frequent Redirects to Login

Users install our app as a PWA on their mobile devices. One common pattern is they’ll log in, use the app for a while, and then navigate away from the app (e.g., by using some other app on their phone). When they reopen it, they are often redirected back to the login screen as opposed to the view they left.

We’re logging session terminations using SessionDestroyListener and confirmed that their sessions haven’t actually terminated. As further evidence, the same behavior sometimes happens in Chrome, but if they manually change the path from \login to \somepage, they do indeed continue their session without re-authenticating, but this isn’t doable in a PWA, of course, leading to user frustration.

This behavior is intermittent (the worst kind of bug).
Some relevant config:
server.servlet.session.timeout=72h
spring.session.timeout=86400

App is hosted on AWS ECS/Fargate as a Docker container, fronted by a load-balancer.

Any ideas on what we might be doing wrong, or things we can do to improve the situation?

Do you have sticky sessions configured in the load balancer?

@SimonMartinelli – great question! I was terrified we didn’t, but we do.

Also, our ECS config is just for 1 task at the moment, so not dealing with multiple instances or tasks at the moment.

Strange. We have three apps that are used as PWAs on mobile phones but never saw this behavior.

@SimonMartinelli

Hmm… I’m thinking I probably have some dumb code somewhere. Putting aside the question of frequent session terminations for a single version, do your apps use @Matti's JWT approach to preserve sessions when deploying new versions, or another approach?

Yes, I always use this if I don’t use OAuth.