https://www.ory.sh/ logo
#talk-kratos
Title
# talk-kratos
f

freezing-match-13303

10/22/2021, 7:40 PM
I set the lifespan of sessions to 1 year in the configuration of Kratos and I verified that the session is created in the database with an expiration set to a year from now, additionally the expiration of the cookie in the browser is also a year from now, regardless of that after around 12-24 hours, when I try to access
/sessions/whoami
I get the following response from the server:
Copy code
{
  "error": {
    "code": 401,
    "status": "Unauthorized",
    "request": "b1038c29-a37f-9022-b36f-aaf3d3b7b477",
    "reason": "No valid session cookie found.",
    "message": "The request could not be authorized"
  }
}
am I missing something in the setup of the session?
h

high-optician-2097

10/23/2021, 7:11 AM
What does your request look like?
f

freezing-match-13303

10/25/2021, 10:42 AM
Copy code
[General]
Request URL: <https://accounts.animeshon.dev/apis/sessions/whoami>
Request Method: GET
Status Code: 401 
Remote Address: 34.95.86.243:443
Referrer Policy: strict-origin-when-cross-origin

[Response Headers]
alt-svc: clear
content-length: 186
content-type: application/json
date: Mon, 25 Oct 2021 10:41:43 GMT
server: istio-envoy
vary: Cookie
via: 1.1 google
x-envoy-upstream-service-time: 3

[Request Headers]
:authority: accounts.animeshon.dev
:method: GET
:path: /apis/sessions/whoami
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,it-IT;q=0.8,it;q=0.7
cache-control: no-cache
cookie: csrf_token_215f2d1fd205dbc96fe496165356d154b685fe92ef58257ffe3abb83e65ad27c=...; ory_kratos_session=...
pragma: no-cache
sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36
Copy code
{
  "error": {
    "code": 401,
    "status": "Unauthorized",
    "request": "34c9626d-cc67-9e83-8483-270bd1c520b7",
    "reason": "No valid session cookie found.",
    "message": "The request could not be authorized"
  }
}
message has been deleted
(all shared data is from our development environment)
datadase sessions:
Copy code
{
  "sessions": [
    {
      "id": "36791691-ad51-4ccb-a61d-bd04b7469c60",
      "issued_at": "2021-10-21T22:49:50.438Z",
      "expires_at": "2022-10-21T22:49:50.438Z",
      "authenticated_at": "2021-10-21T22:49:50.438Z",
      "identity_id": "cd492b48-425f-407f-869b-2b9f87d06c23",
      "created_at": "2021-10-21T22:49:50.444Z",
      "updated_at": "2021-10-21T22:49:50.444Z",
      "token": "...",
      "active": true,
      "nid": "267e70e4-55ee-4449-907c-1c623e8ee30b",
      "logout_token": "..."
    },
    {
      "id": "bae735b6-3da3-443b-a30a-3bf2d7c882c2",
      "issued_at": "2021-10-21T21:28:35.697Z",
      "expires_at": "2022-10-21T21:28:35.697Z",
      "authenticated_at": "2021-10-21T21:28:35.697Z",
      "identity_id": "1dbbe81a-a0af-4f02-aea7-6970ad8366b1",
      "created_at": "2021-10-21T21:28:35.710Z",
      "updated_at": "2021-10-21T21:28:35.710Z",
      "token": "...",
      "active": true,
      "nid": "267e70e4-55ee-4449-907c-1c623e8ee30b",
      "logout_token": "..."
    }
  ]
}
h

high-optician-2097

10/25/2021, 11:08 AM
the request itself looks good - maybe the proxy is stripping away the cookie header?
f

freezing-match-13303

10/25/2021, 11:12 AM
the request is properly reaching kratos:
Copy code
{
  "audience": "application",
  "error": {
    "debug": "",
    "message": "The request could not be authorized",
    "reason": "No valid session cookie found.",
    "status": "Unauthorized",
    "status_code": 401
  },
  "http_request": {
    "headers": {
      "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
      "accept-encoding": "gzip, deflate, br",
      "accept-language": "en-US,en;q=0.9,it-IT;q=0.8,it;q=0.7",
      "cookie": "csrf_token_215f2d1fd205dbc96fe496165356d154b685fe92ef58257ffe3abb83e65ad27c=...; ory_kratos_session=...",
      "sec-ch-ua": "\"Chromium\";v=\"94\", \"Google Chrome\";v=\"94\", \";Not A Brand\";v=\"99\"",
      "sec-ch-ua-mobile": "?0",
      "sec-ch-ua-platform": "\"Linux\"",
      "sec-fetch-dest": "document",
      "sec-fetch-mode": "navigate",
      "sec-fetch-site": "none",
      "sec-fetch-user": "?1",
      "upgrade-insecure-requests": "1",
      "user-agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36",
      "via": "1.1 google",
      "x-envoy-attempt-count": "1",
      "x-envoy-original-path": "/apis/sessions/whoami",
      "x-forwarded-proto": "https",
      "x-request-id": "56871e4b-d007-99db-ad34-7a76006ebdd6"
    },
    "host": "accounts.animeshon.dev",
    "method": "GET",
    "path": "/sessions/whoami",
    "query": null,
    "remote": "127.0.0.6:46393",
    "scheme": "http"
  },
  "http_response": {
    "status_code": 401
  },
  "level": "error",
  "msg": "An error occurred while handling a request",
  "service_name": "Ory Kratos",
  "service_version": "v0.7.6-alpha.1",
  "time": "2021-10-25T11:11:07Z"
}
the session is valid and authenticated for 12-24 hours after a new login
but then it is no longer considered as valid and a new login is required
this is behavior is unexpected as the session should last for 1 year
I just confirmed that sessions are invalidated when the Kratos deployment is restarted
so, whenever the pod reboots sessions are no longer valid
h

high-optician-2097

10/25/2021, 11:26 AM
Could be an issue with the secrets
Did you set one?
f

freezing-match-13303

10/25/2021, 11:38 AM
7 Views