Mobile Beta session getting logged out unexpectedly

Description

See https://community.mattermost.com/core/pl/qe6eioxj7i8hpq7mx6d69f5buw

Several mobile users, including Elias, report being logged out unexpectedly on community using the latest mobile beta. `ServiceSetting.ExtendSessionLengthWithActivity` is confirmed enabled on community.

QA Test Steps

  • Set `ExtendSessionLengthWithActivity` to True in System Console

  • Set Mobile session length to 1 day

  • Log in on mobile apps (iOS/Android)

  • Make a post and note the time

  • After 15 min, go back and make another post then put the apps into the background

  • At the 24 hour mark after you made the first post, check that you have not been logged out (session was extended past 24hrs when you made the 2nd post)

Activity

Lindy Isherwood
August 27, 2020, 10:33 AM

Thanks DL, Tested on iOS and Android (v1.35 build 319) as per test steps on 5.27 release branch and was not logged out after the 24 hour mark. Closing.

Lindy Isherwood
August 20, 2020, 9:56 AM

Tested on iOS and Android (v1.35 build 319) as per test steps on 5.25.4-rc1 and 5.26.1-rc1 and was not logged out after the 24 hour mark.

Doug Lauder
July 31, 2020, 9:07 PM

PR:

Doug Lauder
July 29, 2020, 7:03 PM
Edited

Theory: the expiry is getting reduced via the “else” below:

/model/session.go:118

ExpiresAt can now be greater than CreateAt + session_length, however this code will always bring it back to CreateAt + session_length. This means the user would be forced to log in every session_length days. This gets called for mobile every time the app is opened via /api/v4/sessions/device which calls attachDeviceId which calls the code above.

Simply removing the “else” will extend expiry for mobile on every app launch, even if ExtendSessionLengthWithActivity is disabled. Therefore the fix will need to take that into account.
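
A minimal model of the expiry reset described in the comment above, replayed over the QA timeline. This is an added example, not Mattermost's code: the `Session` struct, the function names, the timestamps and the fix shown in `resetWithSetting` are assumptions made for illustration.

```go
package main

import "fmt"

const dayMs int64 = 24 * 60 * 60 * 1000

// Session is a simplified stand-in for a server session record (times in ms).
type Session struct {
	CreateAt, ExpiresAt int64
}

// resetFromCreateAt models the behaviour the comment describes: once CreateAt
// is set, expiry is always recomputed as CreateAt + session length.
func resetFromCreateAt(s *Session, now int64, days int) {
	if s.CreateAt == 0 {
		s.ExpiresAt = now + int64(days)*dayMs
	} else {
		s.ExpiresAt = s.CreateAt + int64(days)*dayMs
	}
}

// resetWithSetting is a hypothetical fix: expiry is anchored to "now" only for
// a new session or when activity-based extension is enabled.
func resetWithSetting(s *Session, now int64, days int, extendWithActivity bool) {
	if s.CreateAt == 0 || extendWithActivity {
		s.ExpiresAt = now + int64(days)*dayMs
	} else {
		s.ExpiresAt = s.CreateAt + int64(days)*dayMs
	}
}

// replay follows the QA steps with constructed times: login at t0, a post at
// +15 min extends expiry, the app reopens at +16 min and expiry is recomputed.
func replay(fixed, extendWithActivity bool) int64 {
	const t0, minute = int64(1_000_000), int64(60_000)
	s := &Session{CreateAt: t0, ExpiresAt: t0 + dayMs}
	if extendWithActivity {
		s.ExpiresAt = t0 + 15*minute + dayMs // extension earned by the second post
	}
	if fixed {
		resetWithSetting(s, t0+16*minute, 1, extendWithActivity)
	} else {
		resetFromCreateAt(s, t0+16*minute, 1)
	}
	return s.ExpiresAt - t0 // expiry relative to login, in ms
}

func main() { fmt.Println(replay(false, true), replay(true, true), replay(true, false)) }
```

With the setting enabled, the first function pulls the expiry back to exactly one day after login, while the second keeps it past that mark; with the setting disabled, reopening the app does not lengthen the session.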

Doug Lauder
July 28, 2020, 6:12 PM
Edited

Thread referenced above (https://community-release.mattermost.com/core/pl/hb8bcbgu13g8mbdp7ujj3icupo) pertains to ticket which is happening on server version 5.21. Might be related to this one (or not). Note the ExtendSessionLengthWithActivity setting is not available until 5.24.

Notes:

  • MfaAuth enabled for all reported occurrences

  • ExtendSessionLengthWithActivity is enabled for community

  • Mobile, desktop, web instances of this issue reported by different customers

  • Session timeouts set to 30 days for daily and community

  • Sample error from server 5.21 case:

This error only happens in code when a one-time password is wrong. Doesn’t seem related.

  • reported cases are on clusters

Done

Mana: None

Assignee: Doug Lauder

QA Assignee: Lindy Isherwood

Reporter: Doug Lauder

Epic Link: None

Mattermost Team: Server

Sprint: None

QA Testing Areas: Mobile - RN

GitHub Issue: None

Components: None

Severity: None