How to avoid this error or even a warning?
WRN (admin) A possible object cycle was detected. This can either be due to a cycle or if the object depth is larger than the maximum allowed depth of 64. Consider using ReferenceHandler.Preserve on JsonSerializerOptions to support cycles. Path: $.MyObject.Equipment.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Location.System.Text.Json.JsonException: A possible object cycle was detected. This can either be due to a cycle or if the object depth is larger than the maximum allowed depth of 64. Consider using ReferenceHandler.Preserve on JsonSerializerOptions to support cycles. Path: $.MyObject.Equipment.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Component.Configurations.Location. at System.Text.Json.ThrowHelper.ThrowJsonException_SerializerCycleDetected(Int32 maxDepth) at System.Text.Json.Serialization.JsonConverter
1.TryWrite(Utf8JsonWriter writer, T& value, JsonSerializerOptions options, WriteStack& state) at System.Text.Json.Serialization.Metadata.JsonPropertyInfo1.GetMemberAndWriteJson(Object obj, WriteStack& state, Utf8JsonWriter writer) at System.Text.Json.Serialization.Converters.ObjectDefaultConverter1.OnTryWrite(Utf8JsonWriter writer, T value, JsonSerializerOptions options, WriteStack& state) at System.Text.Json.Serialization.JsonConverter1.WriteCore(Utf8JsonWriter writer, T& value, JsonSerializerOptions options, WriteStack& state) at System.Text.Json.Serialization.Metadata.JsonTypeInfo1.Serialize(Utf8JsonWriter writer, T& rootValue, Object rootValueBoxed) at System.Text.Json.Serialization.Metadata.JsonTypeInfo1.SerializeAsObject(Utf8JsonWriter writer, Object rootValue) ... at Volo.Abp.Json.SystemTextJson.JsonConverters.ObjectToInferredTypesConverter.Write(Utf8JsonWriter writer, Object objectToWrite, JsonSerializerOptions options) at System.Text.Json.Serialization.JsonConverter1.TryWrite(Utf8JsonWriter writer, T& value, JsonSerializerOptions options, WriteStack& state) at System.Text.Json.Serialization.JsonConverter1.WriteCore(Utf8JsonWriter writer, T& value, JsonSerializerOptions options, WriteStack& state) at System.Text.Json.Serialization.Metadata.JsonTypeInfo1.Serialize(Utf8JsonWriter writer, T& rootValue, Object rootValueBoxed) at System.Text.Json.JsonSerializer.WriteString[TValue](TValue& value, JsonTypeInfo1 jsonTypeInfo) at Volo.Abp.Caching.Utf8JsonDistributedCacheSerializer.Serialize[T](T obj) at Volo.Abp.Caching.DistributedCache`2.<>c__DisplayClass51_0.<
Please make note that I already use this setting in my HttpApiHostModule:
private static void ConfigureSerialization(ServiceConfigurationContext context)
{
context.Services.AddControllers().AddJsonOptions(x => x.JsonSerializerOptions.ReferenceHandler = ReferenceHandler.IgnoreCycles);
}
But obviously it is not enough for the cache.
Another note is that I really have navigation properties in both cases and I do use them in the EntityFramework code. I just want to exclude circular from the consideration, i.e. if I take component.Configurations - I do not want to read Component from each Configuration and if take configuration.Component - I do not want further read Configurations of each Component.
SignalR? Hmm, in the test project (from the attachment) I don't use SignalR.
But in our main solution we do use it. If it comes in handy to idenfity a working solution for logout, here it is:
It's a typical SignalR configuration, I guess...
Your screenshots are now consistent with mine. So scenarios 1) and 3) do not fit me. Because the "passive" tab does not redirect to login box. Scenario 2) is what I need. But in your screenshot you did not go further: you need to try to login in the "passive" tab too. In this case, you will get error 400 because of the "reused token" issue. This is what I am trying to avoid.
Sorry, but I easily reproduce the issues on the same test project. Please have a look below. I don't know how to explain it.
event.newValue !== null - the second tab does not redirect a user to Login page when I do logout from the first tab:
event.newValue === null - the second tab redirects a user to Login page when I do logout from the first tab, however the bug with a token is reproduced during logging in:
The test project link is already present in this thread. https://drive.google.com/open?id=1xYCu_NLl5O0YCn1h3ffv4FZd5UGkGK0B&usp=drive_fs
Hi. Sorry, I'm not sure I am following you here. The latest mentioned problem is reproduced on ABP generated test project. There's no our custom code there. So in this project i was trying to get the following behavior:
storage event was suggested by your colleague and it did work;null condition from === to !== in the event handler, but in this case (1) stops working - I'm not redirected to Login page in a passive tab anymore;Unfortunately, this is not a solution, because if I make this change, another part is broken: I am no more redirected to Login page in a passive tab after I log off in the active tab...
Hi,
thank you for the reply. So - first of all, I want to eliminate the following problem which is easily reproducable on a test project.
If I have the site opened in tab #1 and tab #2 and use the following code in app.component.ts:
this.window.addEventListener('storage', event => {
if (event.key === 'access_token' && event.newValue === null) {
this.window.location.reload();
}
});
after logging out in any tab, I am logged out in another tab thanks to this code. So far so good...
Now, let's say I log in on tab #1 - I am inside.
Then I go to tab #2 where I still have a login box. I try to log in and get the exception:
[17:04:41 INF] Executing endpoint '/Account/Login' [17:04:41 INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login [17:04:41 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy [17:04:41 INF] Antiforgery token validation failed. The provided antiforgery token was meant for a different claims-based user than the current user. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The provided antiforgery token was meant for a different claims-based user than the current user. at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet) at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
When I am doing a logout in our project from ANY page - at some point I promptly see a HOME page, but there is no more navigation menu at the left (the menu obviously has been hidden, because the user is not authenticated anymore) and at the same very moment the API requests which are connected to that ANY page are invoked. Afterwards I am redirected to LOGIN BOX as expected.
I have absolutely no idea why the redirect to LOGIN BOX does not happen immediately after pressing the logout button and this HOME page is shown. I have looked through the code as much as I can. I can only attach again the Auth Server Module code and its log - what is happening at the moment of logout. I compared the log with the test project log, but by and large everything is about the same.
Perhaps one of your colleagues can tell me something - maybe there is a wrong setup in the module. But there are so many settings that it's hard to make sense of it. I can create another ticket, but it will contain the same question.
I cannot do screensharing or send our project. Just reminding it.
I really don't know how to match a test solution and our solution where the issue happens.
I've tried to find who initiates these extra API calls between connect/revocat and openid-configuration looking at the initiator chain:
Just in case: port 44337 is the port of Ocelot Gateway solution - I emphasize that the last endpoint is correct.
Is the request initiator chain looking wrong here? Because so far I am out of clues, what is wrong and why. Maybe I am missing some settings relevant for authentication or they are incorrect? There are just too many of them, plus custom code, so I try to move from inside analyzing those requests.
IMPORTANT: this is not related to our custom pages only. The identical situation take place at ABP pages, e.g. Language Management. So it is not related to the components or guards.