Spontaneous logout

Open kongo09 opened this issue 1 year ago • 8 comments

Steps to reproduce

  1. Reading a room timeline

Outcome

What did you expect?

Nothing

What happened instead?

Spontaneously got logged out

Your phone model

Pixel 5

Operating system version

Android 14

Application version and app store

0.4.16-nightly

Homeserver

element.io

Will you send logs?

Yes

Are you willing to provide a PR?

No

kongo09, Jul 11 '24 17:07

Without any logs, it will be hard to investigate this one. Have you sent a rageshake?

bmarty, Jul 15 '24 12:07

yes, I did

kongo09, Jul 15 '24 21:07

The latest nightly contains https://github.com/element-hq/element-x-android/pull/3208, which should either fix the issue or at least give us as much info as possible so we can debug what's happening.

It looks like a race condition when 2 refreshes happen almost simultaneously in the SDK due to 2 or more requests failing with errors indicating you need to refresh your token and the 'save token callback' is called in the app several times as well.

If the current code fails again, the only reason I can think of, unless new data is discovered, is that:

  1. Two requests fail at the same time, two refreshes of the token happen too.
  2. Between the first refresh and the 2nd one, a new request is sent and it's received by the server when the 2nd refresh has finished.
  3. When this happens, the refresh token would be considered invalid by the server, as it's from the previous refresh result, not the one just returned to the app.
  4. The server logs out the client.

jmartinesp, Jul 19 '24 13:07

Something like this maybe:

```mermaid
sequenceDiagram
    Note left of Client: 2 simultaneous requests using the initial tokens.
    Client ->> Server: Request_A (with Initial_Tokens)
    Server ->> Server: Process Request_A: unknown access token error A
    Client ->> Server: Request_B (with Initial_Tokens)
    Note right of Server: The Server received both and processes them in parallel.
    Server ->> Server: Process Request_B: unknown access token error B
    Server ->> Server: Generate new Refreshed_Tokens_A
    Note right of Server: Refreshed_Tokens_A are now valid, Initial_Tokens are invalid.
    Server -->> Client: Refreshed_Tokens_A
    Server ->> Server: Generate new Refreshed_Tokens_B
    Note right of Server: Refreshed_Tokens_B are now valid, Refreshed_Tokens_A are invalid.
    Client ->> Server: Request C (with Refreshed_Tokens_A)
    Server -->> Client: Refreshed_Tokens_B
    Server ->> Server: Process Request_C: unknown refresh token error.
    Note right of Server: It should be Refreshed_Tokens_B but it's Refreshed_Tokens_A, which is no longer valid.
    Server -->> Client: invalid grant error, logout.
```

jmartinesp, Jul 19 '24 13:07

I am still getting logged out with 0.5.3. I sent logs

benparsons, Sep 11 '24 11:09

> I am still getting logged out with 0.5.3. I sent logs

After taking another long look at the logs it seems like the app is 'stopped' in the middle of a session restoration, before it has had any chance to save the tokens to disk. Maybe the OS killed it, or Android Doze was super aggressive and completely froze the app after a few seconds, but that shouldn't be the case... In any case, I don't think there's anything we can do on the clients or the SDK, sadly. It seems like the iOS app has this issue too, so we may need https://github.com/element-hq/matrix-authentication-service/issues/2795 to actually fix this.

jmartinesp, Sep 11 '24 14:09

@benparsons out of curiosity, which battery mode is the app currently using? On my device it's in Android Settings > Applications > Element X > App battery usage.

Maybe the situation would be better for you with Unrestricted mode enabled.

jmartinesp, Sep 11 '24 15:09

I'm using a Samsung, and the app is marked as Optimised, I will move it to Unrestricted for debugging.

benparsons, Sep 11 '24 15:09

I believe I have not seen an instance of this issue since. I will move the app back to Optimised (Samsung default) and re-test.

benparsons, Oct 10 '24 13:10

Dear community of users, please send a rageshake if you meet this issue again. Logs are critical to identify and fix such issues. The current situation is that we fixed all the problems we are aware of. But you may hit a new scenario for this logout bug and your rageshake will help to fix it.

The bug associated with Doze mode is going to be addressed soon with the implementation of https://github.com/element-hq/matrix-authentication-service/issues/2795.

manuroe, Dec 02 '24 15:12

> In any case, I don't think there's anything we can do on the clients or the SDK, sadly. It seems like the iOS app has this issue too, so we may need element-hq/matrix-authentication-service#2795 to actually fix this.

MAS just solved the idempotency issue in https://github.com/element-hq/matrix-authentication-service/pull/3650.

manuroe, Dec 11 '24 15:12
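
The two failure modes discussed in this thread (parallel refreshes with the same token, and the app being stopped before it saves the refreshed tokens), modelled against a toy rotating-token server with and without idempotent refresh. This is an added example, not code from Element X, the Matrix Rust SDK or MAS; the `Server` type, the `rt0`/`rt1` token names and the replay map are assumptions made for illustration and do not describe how MAS implements its fix.

```rust
use std::collections::HashMap;
// Toy authorization server with refresh-token rotation (constructed model).
struct Server {
    idempotent: bool,
    current: String,                 // newest refresh token issued
    replay: HashMap<String, String>, // consumed token -> token it was exchanged for
    issued: u32,
}
impl Server {
    fn new(idempotent: bool) -> Self {
        Server { idempotent, current: "rt0".into(), replay: HashMap::new(), issued: 0 }
    }
    // Validation step: is this refresh token acceptable right now?
    fn accepts(&self, token: &str) -> bool {
        token == self.current || (self.idempotent && self.replay.contains_key(token))
    }
    // Commit step: exchange `token` for a new one (callers validate first).
    fn rotate(&mut self, token: &str) -> String {
        if let Some(next) = self.replay.get(token).filter(|_| self.idempotent) {
            return next.clone(); // replayed exchange: same answer, nothing invalidated
        }
        self.issued += 1;
        let next = format!("rt{}", self.issued);
        self.replay.insert(token.to_string(), next.clone());
        self.current = next.clone();
        next
    }
}

// Two refreshes with rt0 pass validation before either commits; is the first result still valid?
fn racing_refreshes(idempotent: bool) -> bool {
    let mut s = Server::new(idempotent);
    let both_valid = s.accepts("rt0") && s.accepts("rt0");
    let a = s.rotate("rt0");
    let _b = s.rotate("rt0");
    both_valid && s.accepts(&a)
}

// The app is stopped before saving the new token; does a retry with the old one recover it?
fn killed_before_save(idempotent: bool) -> bool {
    let mut s = Server::new(idempotent);
    let lost = s.rotate("rt0");
    s.accepts("rt0") && s.rotate("rt0") == lost
}

fn main() {
    for m in [false, true] {
        println!("idempotent={}: race={} restart={}", m, racing_refreshes(m), killed_before_save(m));
    }
}
```

The replay map in this sketch never expires entries; how long a consumed refresh token may be replayed is a policy choice the model leaves out.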

Discussed internally. With the MAS update indicated above, we should not have spontaneous logout anymore.

manuroe, Dec 12 '24 13:12