403 Forbidden Error After Deployed to Prod

Hello everyone,   I just deployed my mendix project to prod server. When I run the project after deployed, it run smoothly. But after I logged in for a while, it undergo auto log out and got forbidden like below What is the cause of this case? Please give me insights.
1 answers

Hi Fadil,

  1. Session Timeout Settings: The application might have session timeout settings configured too aggressively. Check the session timeout settings in your Mendix application to ensure they are appropriately configured for your use case. If the session timeout is too short, users may get automatically logged out after a period of inactivity.

  2. Session Management: Ensure that session management is correctly implemented in your Mendix application. Sessions should be managed securely, and user authentication tokens should be properly validated and renewed as needed.

  3. Authentication Token Expiry: If your application uses authentication tokens for user sessions, ensure that these tokens have a reasonable expiry time. If tokens expire too quickly, users may be logged out unexpectedly.

  4. Server Resource Constraints: Insufficient server resources, such as memory or CPU, could lead to unexpected behavior, including session expirations or 403 errors. Monitor server resource usage and consider upgrading server resources if necessary.

  5. Permissions and Access Control: The 403 Forbidden error suggests that the user may be trying to access a resource that they do not have permission to access. Review the access control settings in your Mendix application to ensure that users have appropriate permissions to access the necessary resources.

  6. Firewall or Security Settings: Check if there are any firewall or security settings on the production server that could be blocking or restricting access to certain resources or endpoints. Adjust these settings as needed to allow proper access to the application.

  7. Logging and Monitoring: Implement logging and monitoring in your Mendix application to track user actions, errors, and application behavior. This can help identify the root cause of the issue by providing more detailed information about what is happening when users are logged out or encounter 403 errors.

  8. Session Hijacking or CSRF: Verify that your application is protected against session hijacking and Cross-Site Request Forgery (CSRF) attacks. Implement appropriate security measures such as using secure cookies, CSRF tokens, and HTTPS to prevent unauthorized access to user sessions.

Let me know if you double checked the above issues and still face the problem.

Hope it helps!!