search cancel

Session timeout messages accessing cloud based HR application through WSS


Article ID: 225209


Updated On:


Web Security Service - WSS


Users accessing WSS via on-premise ProxySG servers forwarding traffic into WSS

Users able to access and browse most web sites without issues

Users are however unable to access domain consistently 

Users receiving "your session has expired messages" randomly after logging into the session

Bypassing WSS and pointing to on-premise proxy IP address going direct works fine


User is bounced between multiple on-premise proxy servers that egress from different IP addresses

Back end Application getting user session data from different IP addresses and throwing error


Proxy Forwarding into WSS

Load balancer front ending on-premise Proxy servers does not have persistence enabled


Enabled persistence on on-premise proxy to keep users session egressing from the same IP address

Additional Information

Every 10 seconds, the client App would send a keep alive probe to make sure users session was active. Assuming it was, the response would come back with a 1200 600 string (20 mins / 10 mins) as shown below

When the user would get the session timeout message, it would always proceed the following response

This was triggered by back end Cloud Application because the IP address of the inbound request would have changed, whilst the session cookies were still valid.


Enabling persistence at on-premise Proxy load balancer makes sure the IP address does not change.