See https://community.mattermost.com/core/pl/qe6eioxj7i8hpq7mx6d69f5buw
Several mobile users, including Elias, report being logged out unexpectedly on community using latest mobile beta. `ServiceSetting.ExtendSessionLengthWithActivity` is confirmed enabled on community.
Set `ExtendSessionLengthWithActivity` to True in System Console
Set Mobile session length to 1 day
Log in on mobile apps (iOS/Android)
Make a post and note the time
After 15 min, go back and make another post then put the apps into the background
At the 24 hour mark after you made the first post, check that you have not been logged out (session was extended past 24hrs when you made the 2nd post)
Thread referenced above (https://community-release.mattermost.com/core/pl/hb8bcbgu13g8mbdp7ujj3icupo) pertains to ticket which is happening on server version 5.21. Might be related to this one (or not). Note the ExtendSessionLengthWithActivity setting is not available until 5.24.
Notes:
MfaAuth enabled for all reported occurances
ExtendSessionLengthWithActivity is enabled for community
Mobile, desktop, web instances of this issue reported by different customers
Session timeouts set to 30 days for daily and community
Sample error from server 5.21 case:
This error only happens in code when a one-time password is wrong. Doesn’t seem related.
reported cases are on clusters
Theory: the expiry is getting reduced via the “else” below:
/model/session.go:118
ExpiresAt can now be greater than CreateAt + session_length, however this code will always bring it back to CreateAt + session_length. This means the user would be forced to log in every session_length days. This gets called for mobile every time the app is opened via /api/v4/sessions/device which calls attachDeviceId which calls the code above.
Simply removing the “else” will extend expiry for mobile on every app launch, even if ExtendSessionLengthWithActivity is disabled. Therefore the fix will need to take that into account.
PR:
Tested on iOS and Android (v1.35 build 319) as per test steps on 5.25.4-rc1 and 5.26.1-rc1 and was not logged out after the 24 hour mark.
Thanks DL, Tested on iOS and Android (v1.35 build 319) as per test steps on 5.27 release branch and was not logged out after the 24 hour mark. Closing.