Sessions Ending Frequently


(Gavin Boyd) #1

Matrix Version: v5.4.0.2

Our Matrix sessions keep ending, and this has been getting very frequent lately. This is happening for sys admin users, simple edit users and user accounts.

Is there a reason why this would be or could you point us in the direction of the logs and what to look for?


(Marcus Fong) #2

This usually occurs for one of two reasons.

  1. The first possibility is that your IP address is changing in the middle of your Matrix session. By default, the Matrix setting Allow IP Change is set to No, which terminates your session if your IP address changes. This is a security feature intended to defend against session hijacking. If your Internet access works in such a way that your IP changes frequently (for instance, if your IT department installs a pool of Web proxies and randomly chooses which one will service a particular outgoing request), then this may cause legitimate users to experience prematurely terminated login sessions.

    To determine whether this is the case, check the Matrix system log for system.security.login entries. Matrix records the user’s IP each time they log in - if you see the same user logging in many times during the day from different IPs, and Allow IP Change is set to the default of No, then it’s very likely you’re being affected by this problem.

    Resolving this issue usually requires discussion with your IT people to find the best solution. Obviously you can switch Allow IP Change to Yes, but this reduces security so isn’t ideal. It’s generally better to use “sticky sessions” at the network/proxy level if this can be supported - there are different ways of implementing it, but the idea is to associate a single session with a single IP so it won’t trigger session hijacking protections.

  2. The second main reason is if your Matrix instance is using Memcache to store its sessions, and the Memcache session storage is full. This will automatically evict older sessions to make room for newer ones, which can also cause premature logouts. You can’t diagnose this from the Matrix logs alone, though - a server administrator would need to check it.
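
For the second cause, a server administrator can read memcached's own counters. The following is an added example, not part of the original reply and not Matrix code: it sends the memcached text-protocol `stats` command and checks `evictions` against `bytes` and `limit_maxbytes`. The host, port (memcached's default, 11211), the 90% threshold and the sample reply are assumptions made for illustration.

```python
import socket

# Constructed sample of a memcached "stats" reply (values are illustrative only).
SAMPLE_STATS = (
    "STAT curr_items 48210\r\n"
    "STAT bytes 66900000\r\n"
    "STAT limit_maxbytes 67108864\r\n"
    "STAT evictions 15342\r\n"
    "END\r\n"
)

def fetch_stats(host="127.0.0.1", port=11211, timeout=3.0):
    """Send 'stats' to a memcached instance (assumed address) and return the raw reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"stats\r\n")
        data = b""
        while not data.endswith(b"END\r\n"):
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", errors="replace")

def parse_stats(raw):
    """Turn 'STAT name value' lines into a dict, ignoring anything else."""
    stats = {}
    for line in raw.splitlines():
        parts = line.split(" ", 2)
        if len(parts) == 3 and parts[0] == "STAT":
            stats[parts[1]] = parts[2]
    return stats

def assess(stats, full_ratio=0.9):
    """Flag a cache that is near its memory limit and has evicted items.

    full_ratio is an assumed threshold, not a memcached or Matrix setting.
    """
    used = int(stats.get("bytes", 0))
    limit = int(stats.get("limit_maxbytes", 0))
    evictions = int(stats.get("evictions", 0))
    ratio = used / limit if limit else 0.0
    return {
        "used_ratio": round(ratio, 3),
        "evictions": evictions,
        "likely_evicting_sessions": evictions > 0 and ratio >= full_ratio,
    }

if __name__ == "__main__":
    print(assess(parse_stats(SAMPLE_STATS)))
```

The `evictions` counter is cumulative since the memcached process started, so take two readings some minutes apart and compare them: a rising value while users are being logged out supports this diagnosis.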