Some users have reported an unexpected behavior with secured Essentials sites. Normally, a secured site will allow you to stay signed in until you close the browser window. However, in some circumstances users are getting signed out shortly after signing in, or getting signed out unexpectedly after a period of inactivity.
Some people have reported seeing a Warning message:
Others have reported being redirected to a Portal sign-in page.
The authentication process for the HTML5 Viewer involves getting two OAuth2 tokens from ArcGIS Enterprise which are an Access Token and a Refresh Token. The default values from ESRI on these tokens are 30 minutes for an Access Token and 14 days for a Refresh Token. Once a user is signed into the HTML5 Viewer, the Access Token is stored in our session cookie and used until around 25 minutes after sign in at which time the HTML5 Viewer will trigger a token refresh from the Essentials REST endpoint. Essentials has the 14 day Refresh Token stored, uses it to get a new Access Token from ArcGIS Enterprise, returns this new Access Token to the HTML5 Viewer, and the session cookie is updated with the new Access Token. This process should repeat itself until the Refresh Token is expired after 14 days but can get interrupted if the HTML5 Viewer is unable to communicate with the Essentials REST endpoint.
Unfortunately, we have not been able to reproduce this issue since this was first reported many years ago. Furthermore, development efforts are now focused exclusively on our Studio product line. The best path forward is to migrate to our Studio product line.
Comments
0 comments
Please sign in to leave a comment.