Waveboxapp: Some services are not remembering logins correctly

Usually when this happens to me, I have cleared the expired accounts and tried using wavebox again.

If you want you can check this under: Settings > General > Data & Sync

There is a button there called "Clean expired accounts"

Would be good to know if that helps anything at all for you.

I've never used that button, but I just did and restarted wavebox. Discord didn't log out but the bitbucket server did.

I'll see how that goes.

I've seen the KB article about artificially persistent cookies but this doesn't seem like the right answer, all I want is for wavebox to remember logins for the same length as my browser.

Yeah you're right there. It seems to work for some Gmail Gsuite users who have a weird auth setup, but the rest of the time it tends to cause more trouble than good. We're in the process of hiding this away a bit more to discourage use.

There have been a few cases that I've seen where if the app dies it doesn't flush cookies and session state to disk fast enough. I've only seen this when I'm adding an account and then killing the app quickly during development. In normal use I don't think I've ever seen that behaviour.

If it continues, try removing one of the accounts and adding it again - I know some users have reported this making a difference

There have been a few cases that I've seen where if the app dies it doesn't flush cookies and session state to disk fast enough. I've only seen this when I'm adding an account and then killing the app quickly during development. In normal use I don't think I've ever seen that behaviour.

Interesting. I do use sleep fairly aggressively, nothing longer than 10 minutes, and it _never_ happens with services where wavebox controls the authentication. That was my first clue that there might be a cookie issue with other services.

I will remove and re-add discord right now, and let you know if/when it happens again. I'm happy to turn on extra logging if that will help.

The bitbucket server kicked me to a login screen this morning (it's 4:30pm as I write this). Discord was still fine, and I held out hope...

Discord just kicked me to the login screen.

ooooh so I'm an admin of the bitbucket server, which I just realised means I can help track this down ;)

2019-04-09 14:32:38,992 INFO  [http-nio-7990-exec-8] @369J3Sx872x4019887x0 <censored>,127.0.0.1 "GET /users/spyder/repos/tinymce-mono/commits/cf289f1ae0e0885c5f160d4660cea58a0e4fb1e6 HTTP/1.0" c.a.s.i.a.DefaultRememberMeService Expired remember-me token detected for series '42cb4bb9aaba744edf919ee7503ea5821ac92f95' for user 'spyder' (used from '<censored>,127.0.0.1'). As a safety precaution, all (2) tokens from that series have been canceled.
2019-04-09 14:32:38,993 INFO  [http-nio-7990-exec-8] @369J3Sx872x4019887x0 <censored>,127.0.0.1 "GET /users/spyder/repos/tinymce-mono/commits/cf289f1ae0e0885c5f160d4660cea58a0e4fb1e6 HTTP/1.0" c.a.s.i.a.DefaultRememberMeService Invalid remember-me cookie detected (expired) - canceling the cookie

I remember this used to be an issue with bitbucket itself a long time ago, the cookie tokens are refreshed periodically and that wasn't working for some reason. Perhaps it tries to refresh them and wavebox isn't storing the updated cookie when it sleeps?

I'm not sure that explains the discord issue, though. Once again it is still logged in using my normal browser even though that browser hasn't gone near discord.com since the last time I logged in.

I can confirm I did remove and re-add discord 4 days ago.

Interesting! That's really helpful! As for the failure to flush cookies problem above, I've only seen this when the app hard quits with a crash or similar. I haven't seen that behaviour with sleep.

Did you ever try Artificially Persist Cookies on this account? I know if you have done that, it can cause cookies to stick around longer than they should and if the server is trying to refresh them this may fail. If you've not, I'll setup a small test server here to see if I can cycle tokens or something that reproduces the issue :)

I haven’t used the artificial cookie setting, no. I would hope that if you sign in to a discord server (or make a test one if you aren’t already using it) the issue shouldn’t be too hard to reproduce 🤔

I could try the artificial setting while you’re doing that?

I could try the artificial setting while you’re doing that?

Nah - I doubt it's going to fix it and probably cause more trouble

I'll see what I can reproduce here :)

I've been doing some digging on this to see if there's anything I can reproduce. I've setup a test server with a bunch of different cases and as far as I can see, cookie requests behave as expected...

• mainFrame loads, xhr loads and resource loads set the cookie correctly and it's re-presented on the next request
• Cookie precedence rules seem to work as expected
• Cookie expiry seems to work as expected

I've also tried profiling the cookies for logging into bitbucket.org (not quite the same as a private instance, but I thought it would be a good place to start) and from what I can see cookies behave the same between Wavebox and Chrome.

I'm wondering if there's a case where a malformed set-cookie header is sent, Chrome parses this and does the correct thing, whilst Wavebox fails silently or sets the expiry incorrectly or something. I'll keep doing some digging to see what else I can find

Thanks for continuing to investigate this!

Bitbucket.org is actually very very different, long story, but there is a docker image for bitbucket server which hopefully is easy to set up.

I haven't seen the re-login issue from bitbucket very often, to be honest, but I saw it twice in one day on discord last week. That seems to be much easier to replicate. Maybe create a discord server instance (they're totally free) and use that for testing? 🤔

I'll take a look :)

I wonder if this is IP related. This can't be true for bitbucket server, it's behind a firewall, but for discord I use the same machine at home and work so I'm switching quite a lot.

I don't think it's the _only_ cause, but the last couple of times discord asked for a login it had woken up from sleep after moving between home and work (or another network).

I don't think it's the only cause, but the last couple of times discord asked for a login it had woken up from sleep after moving between home and work (or another network).

Which version are you on at the moment? 4.9.7 - 4.10.0 has a UserAgent bug, where some requests come out with a different UserAgent after sleep. I wonder if this is tripping something up. (On a side note 4.10.1 with a fix for that is heading out this morning).

ooh that could totally be it. The bitbucket server "remember me" token (the thing that's marked as invalid in the server log I posted earlier) looks like a hash and could include the user agent.

I was on 4.9.8, I've been running the beta builds for a while now but didn't have a chance to restart last time it asked me to update 🤔

I've installed 4.10.1, will see what happens!

Lets see how it goes, keep me updated :)

I was on holiday last week so the lack of issues so far is probably a bit misleading. I've lowered the sleep timeout to silly levels which will hopefully stress test it a bit.

[edit] and just as I say that both discord and bitbucket kicked me to a login screen within minutes of each other, bitbucket while resuming from sleep discord on first load after restarting wavebox 😂

hopefully that's just a once off and things stabilise now?

hopefully that's just a once off and things stabilise now?

Hopefully, let's see how it goes!!

Sadly, I just hit the login prompt again with discord. I'll try disabling the extensions I have enabled, maybe they are interfering 🤔

I'm using lastpass and the ad blocker, both of which I can disable without too much hassle, simplify gmail I'll leave enabled because it shouldn't even be running on these sites (and this was an issue before I installed it).

[edit] I've disabled simplify anyway, a recent change breaks images in one of the CI emails I get regularly

It could be the ad-blocker, but let me know how it goes.

Long term, we've had quite a bit of discussion around this here and think we have a solid solution that will address this, it's probably a couple of months away before it will ship though

hmm ok. It's weird that I'm the only one hitting this frequently, I just wish I knew what was causing it!

Just happened again with those extensions disabled 😞

Okay, thanks for the update. I've got an idea on what might fix this :)