Why are users periodically logged out of Upsource?
This situation can arise when Upsource is configured to run behind a reverse proxy server. The proxy server can interfere with the process that keeps users logged in.
Condition
When users log into Upsource, they are able to work with the applications for a relatively short period of time (an hour or so), but then are shown a message that they have been logged out and are redirected to the login page.
Users can sign in again without having to re-enter their username and password, but they must repeat this process on a regular basis throughout the day.
Cause
Upsource uses a hidden inline frame to refresh authentication tokens. If you have set the value for the X-Frame-Options header to DENY for your reverse proxy server, users are logged out when their tokens expire.
Solution
All responses that contain static content from Upsource set the value for the X-Frame-Options header to SAMEORIGIN. To preserve this value, configure your reverse proxy server to use the X-Frame-Options: SAMEORIGIN directive for all static content from Upsource.
For more information, see X-Frame-Options.
Please sign in to leave a comment.