For some random reason during regular usage MarkLogic will return a 401 - unauthorized response. The UI then goes "bananas" into an infinite loop of redirects and brings my browser to its knees. It's happened twice now during regular usage. I'll try to add more details when it happens again.

This has happened several times to me as well. Almost every time, it was write after I tried to save a new document, or update an existing one. (there may have been one time where it just happened during a search.

After it happens, at least for me, I'm no longer able to login; my credentials are rejected. If I wait some time (1/2 hr + ?), I'm then able to login again.

Final note: the same login failures occur for me when I manually log out.

I saw this as well. Looked to me as if back-end closed the session, while front-end thinks it is still open. Back-ends responds with 401, and authservice intercepts with showing login. But somehow that jumps forward to skip login as it thinks it is unnecessary?

I also did see hickups with the ldap auth, but those seemed irratic..

I adjusted the expressSession configuration so resave is set to false. According to the documentation resave shouldn't be set to true if the session store implements touch method. The MemoryStore implementation has the touch method. I believe the resave is causing issues with the sessions. Also, on that note we should look at moving from MemoryStore in the future since it really isn't meant for production use. I created a ticket for that.

I also updated the front-end code to not get into an infinite loop. The pull request is pending. #200

Not so easy to reproduce the issue, but hopefully it is fixed now..

Fixed in develop