wavebox
Some services are not remembering logins correctly
- Wavebox Version: 4.9.3 (but it's been happening for a while)
- Operating System & Version: macOS 10.14.5 Beta
- Account type (if applicable): Discord, weblink service
Expected & actual behavior Services should remember my login at least as long as Chrome does.
Steps to reproduce
- login to discord using both the built-in wavebox service and Chrome
- use for a few days in wavebox only
- at some point after either a sleep or restart, opening discord is kicked back to the login screen
- open discord in the browser, it's still logged in even though it hasn't been used this entire time
Is the bug persistent or intermittent? Persistent, but inconsistent. I've seen happen in less than a day; sometimes it's been a few days or a week and I can't remember when exactly it last logged me out.
Additional information The weblink service I have a similar problem with is a private instance of Bitbucket Server which is running as a weblink tab in my Google service. When it is logged out, google still works just fine.
I've seen the KB article about artificially persistent cookies but this doesn't seem like the right answer, all I want is for wavebox to remember logins for the same length as my browser.
Usually when this happens to me, I have cleared the expired accounts and tried using wavebox again.
If you want you can check this under: Settings > General > Data & Sync
There is a button there called "Clean expired accounts"
Would be good to know if that helps anything at all for you.
I've never used that button, but I just did and restarted wavebox. Discord didn't log out but the bitbucket server did.
I'll see how that goes.
I've seen the KB article about artificially persistent cookies but this doesn't seem like the right answer, all I want is for wavebox to remember logins for the same length as my browser.
Yeah you're right there. It seems to work for some Gmail Gsuite users who have a weird auth setup, but the rest of the time it tends to cause more trouble than good. We're in the process of hiding this away a bit more to discourage use.
There have been a few cases that I've seen where if the app dies it doesn't flush cookies and session state to disk fast enough. I've only seen this when I'm adding an account and then killing the app quickly during development. In normal use I don't think I've ever seen that behaviour.
If it continues, try removing one of the accounts and adding it again - I know some users have reported this making a difference
There have been a few cases that I've seen where if the app dies it doesn't flush cookies and session state to disk fast enough. I've only seen this when I'm adding an account and then killing the app quickly during development. In normal use I don't think I've ever seen that behaviour.
Interesting. I do use sleep fairly aggressively, nothing longer than 10 minutes, and it never happens with services where wavebox controls the authentication. That was my first clue that there might be a cookie issue with other services.
I will remove and re-add discord right now, and let you know if/when it happens again. I'm happy to turn on extra logging if that will help.
The bitbucket server kicked me to a login screen this morning (it's 4:30pm as I write this). Discord was still fine, and I held out hope...
Discord just kicked me to the login screen.
ooooh so I'm an admin of the bitbucket server, which I just realised means I can help track this down ;)
2019-04-09 14:32:38,992 INFO [http-nio-7990-exec-8] @369J3Sx872x4019887x0 <censored>,127.0.0.1 "GET /users/spyder/repos/tinymce-mono/commits/cf289f1ae0e0885c5f160d4660cea58a0e4fb1e6 HTTP/1.0" c.a.s.i.a.DefaultRememberMeService Expired remember-me token detected for series '42cb4bb9aaba744edf919ee7503ea5821ac92f95' for user 'spyder' (used from '<censored>,127.0.0.1'). As a safety precaution, all (2) tokens from that series have been canceled.
2019-04-09 14:32:38,993 INFO [http-nio-7990-exec-8] @369J3Sx872x4019887x0 <censored>,127.0.0.1 "GET /users/spyder/repos/tinymce-mono/commits/cf289f1ae0e0885c5f160d4660cea58a0e4fb1e6 HTTP/1.0" c.a.s.i.a.DefaultRememberMeService Invalid remember-me cookie detected (expired) - canceling the cookie
I remember this used to be an issue with bitbucket itself a long time ago, the cookie tokens are refreshed periodically and that wasn't working for some reason. Perhaps it tries to refresh them and wavebox isn't storing the updated cookie when it sleeps?
I'm not sure that explains the discord issue, though. Once again it is still logged in using my normal browser even though that browser hasn't gone near discord.com since the last time I logged in.
I can confirm I did remove and re-add discord 4 days ago.
Interesting! That's really helpful! As for the failure to flush cookies problem above, I've only seen this when the app hard quits with a crash or similar. I haven't seen that behaviour with sleep.
Did you ever try Artificially Persist Cookies on this account? I know if you have done that, it can cause cookies to stick around longer than they should and if the server is trying to refresh them this may fail. If you've not, I'll setup a small test server here to see if I can cycle tokens or something that reproduces the issue :)
I haven’t used the artificial cookie setting, no. I would hope that if you sign in to a discord server (or make a test one if you aren’t already using it) the issue shouldn’t be too hard to reproduce 🤔
I could try the artificial setting while you’re doing that?
I could try the artificial setting while you’re doing that?
Nah - I doubt it's going to fix it and probably cause more trouble
I'll see what I can reproduce here :)
I've been doing some digging on this to see if there's anything I can reproduce. I've setup a test server with a bunch of different cases and as far as I can see, cookie requests behave as expected...
- mainFrame loads, xhr loads and resource loads set the cookie correctly and it's re-presented on the next request
- Cookie precedence rules seem to work as expected
- Cookie expiry seems to work as expected
I've also tried profiling the cookies for logging into bitbucket.org (not quite the same as a private instance, but I thought it would be a good place to start) and from what I can see cookies behave the same between Wavebox and Chrome.
I'm wondering if there's a case where a malformed set-cookie header is sent, Chrome parses this and does the correct thing, whilst Wavebox fails silently or sets the expiry incorrectly or something. I'll keep doing some digging to see what else I can find
Thanks for continuing to investigate this!
Bitbucket.org is actually very very different, long story, but there is a docker image for bitbucket server which hopefully is easy to set up.
I haven't seen the re-login issue from bitbucket very often, to be honest, but I saw it twice in one day on discord last week. That seems to be much easier to replicate. Maybe create a discord server instance (they're totally free) and use that for testing? 🤔
I wonder if this is IP related. This can't be true for bitbucket server, it's behind a firewall, but for discord I use the same machine at home and work so I'm switching quite a lot.
I don't think it's the only cause, but the last couple of times discord asked for a login it had woken up from sleep after moving between home and work (or another network).
I don't think it's the only cause, but the last couple of times discord asked for a login it had woken up from sleep after moving between home and work (or another network).
Which version are you on at the moment? 4.9.7 - 4.10.0 has a UserAgent bug, where some requests come out with a different UserAgent after sleep. I wonder if this is tripping something up. (On a side note 4.10.1 with a fix for that is heading out this morning).
ooh that could totally be it. The bitbucket server "remember me" token (the thing that's marked as invalid in the server log I posted earlier) looks like a hash and could include the user agent.
I was on 4.9.8, I've been running the beta builds for a while now but didn't have a chance to restart last time it asked me to update 🤔
I've installed 4.10.1, will see what happens!
I was on holiday last week so the lack of issues so far is probably a bit misleading. I've lowered the sleep timeout to silly levels which will hopefully stress test it a bit.
[edit] and just as I say that both discord and bitbucket kicked me to a login screen within minutes of each other, bitbucket while resuming from sleep discord on first load after restarting wavebox 😂
hopefully that's just a once off and things stabilise now?
hopefully that's just a once off and things stabilise now?
Hopefully, let's see how it goes!!
Sadly, I just hit the login prompt again with discord. I'll try disabling the extensions I have enabled, maybe they are interfering 🤔
I'm using lastpass and the ad blocker, both of which I can disable without too much hassle, simplify gmail I'll leave enabled because it shouldn't even be running on these sites (and this was an issue before I installed it).
[edit] I've disabled simplify anyway, a recent change breaks images in one of the CI emails I get regularly
It could be the ad-blocker, but let me know how it goes.
Long term, we've had quite a bit of discussion around this here and think we have a solid solution that will address this, it's probably a couple of months away before it will ship though
hmm ok. It's weird that I'm the only one hitting this frequently, I just wish I knew what was causing it!
Did you ever figure this out? Discord keeps logging me out when I wake it up.
@napter the original issue, which was reported for Wavebox Classic should no longer be present with the current versions of Wavebox.
There's sporadic activity on discord's forums about staying signed in every now and again, it seems to be something that keeps popping up with discord and seems to be a problem on their end. We have had some other users report a similar behaviour to us in the past, and after a couple of weeks, it seems to sort itself out.
It might be worth checking in another browser, to see if logging into Discord, quitting the browser completely and then opening it back up keeps you logged in. This would help to isolate whether it's a problem with Discord or something specific to Wavebox.
If it does keep you signed in, it could be that Discord has stored some stale data in Wavebox that is causing you to log out. You could try clearing your cookies in Wavebox and then trying to sign back in after that. You'll need to clear cookies and browsing data for the whole cookie container, so any other sites you use in that container will also need to be signed back into. To do this...
- Check which Cookie Container your discord app is using. You can check this by hovering over the Cookie Container icon to the right of the address bar
- Go to Settings > Cookie Containers & locate the Cookie Container from step 1
- Click the Clear all browsing data for this cookie container button
- Wait a few moments for it to complete and try signing into Discord again to see if that keeps you signed in
I wanted to tag onto this. I have several friends with Wavebox and we're all seeing that discord is not being kept logged in. We can put the discord app to sleep and upon wake it'll prompt for login information, if we quit wavebox and relaunch it we'll get prompted again and of course a machine reboot we get prompted.
I have tried multiple tests including removing all extensions, complete removal and reinstall of wavebox, completely new profile and even doing a custom app with the discord website. It appears that wavebox can't or wont save the discord cookies.
Thanks for your assist on this.
Thanks @RXWatcher, we've had a couple of reports of this over the last week. It looks like there are some conditions where Discord forces a logout depending on the size of the sidebar in Wavebox.
I've pushed a fix in the latest beta (10.108.5) https://wavebox.io/beta which should address this. It would be great to know if this fixes it for you too