Recently can't stay logged in - Your blue iris session has expired. Attempting recovery

[ahaverty]

For the last few days, after logging in, I can see my cameras, but get repeated warning dialogues bottom right:
"Your blue iris session has expired. Attempting recovery"

They seem to launch dozens of times until it eventually forces me back out to the login screen automatically, sometimes saying something too quick to read again about session expiry.

If I try to login a few more times, I can see my cameras live views, but it'll eventually give me a red warning on login: "connection limit, try again later"

I've tried both with login automatically enabled and disabled.

I'm not sure where to even start debugging. I updated to the latest Blue Iris yesterday to see if that would fix it (it hasn't). And I've tried totally deleting cache/local storage for my ui3 site.

[ahaverty]

1000014791.mp4

[bp2008]

That is weird. I suspect something is interfering with the session cookie.

Look at the Blue Iris Status window, Connections tab to see active and recent connections. I expect you will find it quickly filling up when you try this.

In Blue Iris Settings > Web server > Advanced, there is a setting for a Connection limit. Default is 99, make sure it didn't get lowered somehow.

If you host any other web sites at the same URL, they might also be using an HTTP cookie named "session" which interferes with the one used by Blue Iris.

Otherwise the next suspects would be:

• browser extensions (try using an incognito window as that should not have any extensions in it)
• browser privacy settings
• Any proxy server you may be using between the client device and Blue Iris
• Security software on the client device interfering with outbound HTTP traffic
• Security software on the BI server interfering with inbound HTTP traffic

It is also a very long shot, but you could try rebooting the client device in case it has a glitched out browser instance in the background doing something unexpected.

[ahaverty]

Interesting thank you.
So trying on my internal IP, I don't seem to have the same issue, no errors popping up.

I do typically have an error or two popup when I use my ui3 via an external domain over the last year that I've just gotten used to/assumed is normal.

I do also have other services running on this same subdomain that I'd access via this device, so I reckon you're spot on re: session conflict.

(I wonder has the latest release of ui3 got an issue where it's refreshing a lot sooner than 3 seconds like the notes state?)

Sounds like I need to fix my actual issue though regardless!
Any idea if there's a simple workaround for the session naming?

[ahaverty]

Here's what I'm seeing when debugging remotely:

Navigated to http://redacted.domain.com:81/ui3.htm?session=69060f926348718097ba4f96777f42aa
ui3.htm?session=69060f926348718097ba4f96777f42aa:110 
        
        
       GET http://redacted.domain.com:81/ui3/ui3-local-overrides.css?v=255-5.8.0.15 net::ERR_ABORTED 404 (Not Found)
(anonymous) @ ui3.htm?session=69060f926348718097ba4f96777f42aa:110
ui3.htm?session=69060f926348718097ba4f96777f42aa:595 
        
        
       GET http://redacted.domain.com:81/ui3/ui3-local-overrides.js?v=255-5.8.0.15 net::ERR_ABORTED 404 (Not Found)
(anonymous) @ ui3.htm?session=69060f926348718097ba4f96777f42aa:595
ui3.js?v=255-5.8.0.15:28894 warning toast:  Your Blue Iris session has expired. Attempting recovery...
ui3.js?v=255-5.8.0.15:28894 info toast:  Reloading UI3
ui3.js?v=255-5.8.0.15:3550 UI3 is reloading. Automatic login will not be suppressed.
Navigated to http://redacted.domain.com:81/login.htm?page=%2Fui3.htm

[bp2008]

(I wonder has the latest release of ui3 got an issue where it's refreshing a lot sooner than 3 seconds like the notes state?)

Nah, the 3 second refresh would be a full page reload and it would only happen if one of those loading status indicators changed to "FAIL". What is happening to you there is UI3 is detecting that the session is bad, so it logs you back in and retries whatever had failed. But that fails again for the same reason, so it loops until your session count is maxed out.

Any idea if there's a simple workaround for the session naming?

The best solution would be to use a different subdomain for Blue Iris access, one that no other web applications use.

Ideally, Blue Iris would have used the name "bisession" or something for the cookie. It would be a little problematic if they were to change the cookie name now because some third-party integrations (like UI3 itself) expects it to be named "session".

Alternatively you could try disabling cookies for the domain in question. UI3 should be able to operate with cookies disabled, but with reduced loading performance because caching won't work. But the other applications you host on the same domain would also be forced to work without cookies and they probably haven't been coded to support that.

[ahaverty]

Just to actually address the steps you gave (thank you) in case you see anything.

Look at the Blue Iris Status window, Connections tab to see active and recent connections. I expect you will find it quickly filling up when you try this.

Correct ✅

In Blue Iris Settings > Web server > Advanced, there is a setting for a Connection limit. Default is 99, make sure it didn't get lowered somehow.

It's at the default 99 for me still ✅

If you host any other web sites at the same URL, they might also be using an HTTP cookie named "session" which interferes with the one used by Blue Iris.

I do have other services on the same subdomain, however, I always have had them (although I understand those services and updates could have changed).
But, when I do a full "Clear site data" for this device, I still have the same issue immediately/consistently.
I also couldn't see any cookies for these services anyway.

Otherwise the next suspects would be:
browser extensions (try using an incognito window as that should not have any extensions in it)

I'm having this issue on a S23 Ultra android device with default (latest) chrome browser. (Have been using this device with ui3 daily for months now fwiw).
I just tried it in chrome incognito, and hit the exact same issue.

browser privacy settings

I've nothing set outside of the defaults (chrome) here

Any proxy server you may be using between the client device and Blue Iris

I'm running ui3 via Nginx on windows, no changes lately, but yes proxy involved (however, perhaps I can rule this out since other devices and my internal url are working fine)
Sorry ignore that, I'm not actually running ui3 through Nginx at the moment.

Security software on the client device interfering with outbound HTTP traffic

Stock One UI/Android.

Security software on the BI server interfering with inbound HTTP traffic

Windows, possibly, but no issues on other devices.

It is also a very long shot, but you could try rebooting the client device in case it has a glitched out browser instance in the background doing something unexpected.

I actually upgraded to One UI v6 today on this device, so have 100% done a full reboot. (I was seeing the same issue on UI v5, so don't expect that to be the problem)

The best solution would be to use a different subdomain for Blue Iris access, one that no other web applications use.

Fair 🥲

Alternatively you could try disabling cookies for the domain in question.

I tried this, and got the following popup that I haven't seen before:

And finally. Just to note something that's maybe quite dumb. But I'm running ui3 over http on this external domain~/Nginx~ (not SSL).
(I've just not gotten around to hooking up a cert, and haven't put it high on my list since it's not the end of the world to me if someone ever MITM's the boring view from my front door).
Perhaps there's a mix of android/chrome new security policies conflicting with something behind the scenes in ui3/BI?

[ahaverty]

I'm just taking a look at your wiki. Of course you wrote your own Proxy 😅👏
Looks like I need to add that to my list of todos!

[ahaverty]

Alright.. Solved 🙃
I've it running under SSL via Nginx following your wiki/guide.
I'll sleep better at night now too knowing there's an 's' in my cctv's https!

Thank you very much for the help 👏

[bp2008]

Yeah ok so disabling cookies also disabled localStorage (which is where UI3 stores all of its settings). That makes it a no-go.

Very weird that enabling SSL would fix it.

I've looked into the related UI3 source code. I no longer suspect it has anything to do with cookies. Based on the video you showed, here is what I think was happening:

During UI3 startup, UI3 tries to load the camera list using Blue Iris's JSON API. In response, Blue Iris sends a JSON-encoded object with a property named "result" which has the value "success" or "fail". In this case, it is "fail", which UI3 has long understood to mean the session was lost and it needs to log in again.

Except in this particular situation, I'm thinking the "fail" result must have a different cause than UI3 expects. Because when UI3 handles it by creating a new session and trying to request the camera list again, it gets back the same "fail" result again. It continues like this in a loop until you have 99 active sessions, then it can't log in another one and it fails due to the connection limit.

The problem here is that UI3 treats every camera list "fail" result as if it was caused by a session loss, because when it IS truly caused by a bad session, Blue Iris doesn't say so.
It just says it failed and gives no reason. So UI3 pretty much has no choice but to assume it is caused by session loss because that is the real cause in most cases.

I'll open a support ticket with Blue Iris support to deal with this.