Mobile Beta session getting logged out unexpectedly

Thanks DL, Tested on iOS and Android (v1.35 build 319) as per test steps on 5.27 release branch and was not logged out after the 24 hour mark. Closing.

Tested on iOS and Android (v1.35 build 319) as per test steps on 5.25.4-rc1 and 5.26.1-rc1 and was not logged out after the 24 hour mark.

PR:

Theory: the expiry is getting reduced via the “else” below:

/model/session.go:118

ExpiresAt can now be greater than CreateAt + session_length, however this code will always bring it back to CreateAt + session_length. This means the user would be forced to log in every session_length days. This gets called for mobile every time the app is opened via /api/v4/sessions/device which calls attachDeviceId which calls the code above.

Simply removing the “else” will extend expiry for mobile on every app launch, even if ExtendSessionLengthWithActivity is disabled. Therefore the fix will need to take that into account.

Thread referenced above (https://community-release.mattermost.com/core/pl/hb8bcbgu13g8mbdp7ujj3icupo) pertains to ticket which is happening on server version 5.21. Might be related to this one (or not). Note the ExtendSessionLengthWithActivity setting is not available until 5.24.

Notes:

• MfaAuth enabled for all reported occurances

• ExtendSessionLengthWithActivity is enabled for community

• Mobile, desktop, web instances of this issue reported by different customers

• Session timeouts set to 30 days for daily and community

• Sample error from server 5.21 case:

This error only happens in code when a one-time password is wrong. Doesn’t seem related.

• reported cases are on clusters