We’re running an RPA bot built with Mendix RPA 9.18 that automates invoice processing by logging into our vendor portal. The bot was working fine for the first two weeks, but now it’s consistently failing during the login step. The error message indicates the session expires before the bot can complete authentication.
The login process involves entering credentials and waiting for a 2FA code from our authenticator app. We’ve configured the credential vault integration and the bot retrieves credentials correctly. However, the external system seems to have a 30-second session timeout that kicks in before our bot completes the full login sequence.
# Current login attempt
bot.navigate_to("https://vendor-portal.com/login")
bot.enter_text("username", credentials.username)
bot.enter_text("password", credentials.password)
bot.wait_for_element("2fa_code", timeout=45)
This is blocking our entire invoice automation workflow and creating a backlog of 200+ invoices daily. Has anyone dealt with session timeout issues in RPA scenarios? Should we implement retry logic or is there a better approach to handle credential vault integration with time-sensitive logins?
I’ve seen similar timeout issues with external portals. The 45-second wait you have is actually causing the problem - most session tokens expire around 30-35 seconds. Try reducing your timeout to 25 seconds and implement a faster polling mechanism for the 2FA element. Also check if the portal supports API-based authentication instead of UI automation, which would be more reliable.
Thanks for the suggestions. I enabled detailed logging and found that the portal actually sends the 2FA code via SMS, not the authenticator app - my mistake in the original post. The SMS delivery takes 15-25 seconds, which combined with our wait logic pushes us over the session limit. The portal doesn’t offer API access unfortunately. Would implementing a retry mechanism help here, or should we look at optimizing the wait strategy?
I had a near-identical issue last quarter. The vendor wouldn’t budge on timeout settings, so we had to get creative with our implementation.
Have you checked the RPA bot’s execution logs to see exactly where the timeout occurs? In Mendix RPA 9.18, you can enable detailed logging in the bot configuration. Also, does your credential vault support token refresh? If the external system provides a session token, you might need to cache it and reuse it across multiple operations instead of logging in each time.