We have suffered from this issue before when setting up a new project on Azure. Old thread: https://discord.com/channels/869656431308189746/1183873525031911554 Now, we are seeing this issue on local development on localhost:8080 on a project where we're upgrading from Umbraco 10 to 13. After logging into the CMS, there is about a 40-60 second wait. Then there is a call to

/umbraco/backoffice/umbracoapi/authentication/GetRemainingTimeoutSeconds

that returns:

)]}',
0.0

Upon which the user is logged out showing message "Session timed out." We have tried using incognito mode to rule out cookies, as well as completely fresh browser profile in Chrome. Are we missing something completely basic for this problem to occur? appsetting Umbraco.CMS.Global.TimeOut is set to

08:00:00

. 8 hours is more than 1 minute. We have not supplied any other setting that should affect this. In our previous 'fresh' project the settings were also default. Umbraco.CMS.Security.KeepUserLoggedIn is not set to

true

thus it should be interpreted as the default

false

. > When set to false a user will be logged out after a specific amount of time has passed with no activity. You can specify this time span in the global settings with the TimeOut key. This is exactly what we've done. Umbraco.CMS.Security.AllowConcurrentLogins is showing a bit of a strange behavior. We don't have this defined at all. But setting it to true, and then restarting Umbraco, and then simply reloading the browser window of the recently auto-logged out user in a fresh browser profile will automatically log them in and show the backoffice. Logging out above mentioned user and then logging in seems to work fine as well.

GetRemainingTimeoutSeconds

returns the full 8 hours. However, logging out, setting

AllowConcurrentLogins

to false again and then logging back in, the problem reappears. In our tests, this is the only browser window using the site. Why are we seeing this problem?

And you're not running both the 10 and the 13 on localhost simultaneously? That would confuse the auth cookie.

No, only one instance, started with

dotnet run

. AllowConcurrentLogins set to true is enough to remove the issue, but we're worried that since it probably shouldn't break like this with it set to false, there might be something else awry as well. This is not the default setting and it seems unlikely everyone has the same problem but just solves it this way.

I've noticed the same issue as well. What seems to be a workaround is to go into the Users tab, edit your own user and simply save it without making any changes. I haven't set aside any time to debug the actual cause of this issue, but if you want to then maybe that's a good place to start.

@McNere Does the issue stop then, you mean?

It stops me from getting logged out after 60 seconds, but the issue returns next time the solution gets deployed to Azure, so it's only a temporary workaround.

How strange. But good to know, thanks! Have you also tried setting

AllowConcurrentLogins

to true perhaps?

I don't think I tried that. It's been a while since I looked into it, so I'm not quite sure.

Thanks for the info though. I just tried this for local development, it did not seem to work. However, I saved the profile, then logged out and back in again.