github-starred/vikunja
2
0
Fork 0
mirror of https://github.com/go-vikunja/vikunja.git synced 2026-05-21 18:53:07 -05:00
Code Issues 690 Packages Projects Releases 11 Wiki Activity

It always automatically logs out #2588

New Issue
Open
opened 2026-03-22 14:13:38 -05:00 by GiteaMirror · 13 comments
GiteaMirror commented 2026-03-22 14:13:38 -05:00
Owner
Copy Link

Originally created by @cherish-ltt on GitHub (Mar 11, 2026).

Pre-submission checklist

  • I have searched for existing open or closed issue reports with the same problem.

Description

Whether it's a desktop.exe, an Android.apk, or a web-UI,It always automatically logs out
I checked the option to remember me
But after I use it for a few minutes, it always automatically logs out
I need to login in again
This is extremely troublesome

Vikunja Version

now-latest

Browser and version

firefox,desktop.exe,Android.apk

Can you reproduce the bug on the Vikunja demo site?

Yes

Screenshots

No response

Originally created by @cherish-ltt on GitHub (Mar 11, 2026). ### Pre-submission checklist - [x] I have searched for existing open or closed issue reports with the same problem. ### Description Whether it's a desktop.exe, an Android.apk, or a web-UI,It always automatically logs out I checked the option to `remember me` But after I use it for a few minutes, it always automatically logs out I need to login in again This is extremely troublesome ### Vikunja Version now-latest ### Browser and version firefox,desktop.exe,Android.apk ### Can you reproduce the bug on the Vikunja demo site? Yes ### Screenshots _No response_
GiteaMirror commented 2026-03-22 14:13:40 -05:00
Author
Owner
Copy Link

@Kuphi commented on GitHub (Mar 12, 2026):

A possible fix for a safe environment might be to do:
nano /etc/vikunja/config.yml

service:
  # This secret secures your login sessions
  jwtsecret: "CHANGETHISTOYOURSECRET"
  # The duration of the issued JWT tokens in seconds (3 Days).
  jwtttl: 259200
  # The duration of the "remember me" time in seconds (30 Days).
  jwtttllong: 2592000
  # CHANGE THIS: Increase the short-lived token to 30 days (2592000)
  jwtttlshort: 2592000

I'm testing it now and will follow up if there are any problems.

Edit: restart server and then desktop app to apply the modified config file.

@Kuphi commented on GitHub (Mar 12, 2026): A possible fix for a safe environment might be to do: `nano /etc/vikunja/config.yml` ``` service: # This secret secures your login sessions jwtsecret: "CHANGETHISTOYOURSECRET" # The duration of the issued JWT tokens in seconds (3 Days). jwtttl: 259200 # The duration of the "remember me" time in seconds (30 Days). jwtttllong: 2592000 # CHANGE THIS: Increase the short-lived token to 30 days (2592000) jwtttlshort: 2592000 ``` I'm testing it now and will follow up if there are any problems. Edit: restart server and then desktop app to apply the modified config file.
GiteaMirror commented 2026-03-22 14:13:40 -05:00
Author
Owner
Copy Link

@cherish-ltt commented on GitHub (Mar 12, 2026):

got it, feedback after 3 days

♚丶
@.***

♚丶十年戎马征沙场

@cherish-ltt commented on GitHub (Mar 12, 2026): got it, feedback after 3 days ♚丶 ***@***.*** ♚丶十年戎马征沙场
GiteaMirror commented 2026-03-22 14:13:41 -05:00
Author
Owner
Copy Link

@cherish-ltt commented on GitHub (Mar 13, 2026):

A possible fix for a safe environment might be to do: nano /etc/vikunja/config.yml

service:
  # This secret secures your login sessions
  jwtsecret: "CHANGETHISTOYOURSECRET"
  # The duration of the issued JWT tokens in seconds (3 Days).
  jwtttl: 259200
  # The duration of the "remember me" time in seconds (30 Days).
  jwtttllong: 2592000
  # CHANGE THIS: Increase the short-lived token to 30 days (2592000)
  jwtttlshort: 2592000

I'm testing it now and will follow up if there are any problems.

Edit: restart server and then desktop app to apply the modified config file.

24 hours have passed, and the account has not automatically logged out. I think this issue can be closed now.
Additionally, I have set jwtttl, jwtttllong, and jwtttlshort to 365 days. As long as I don't disclose the JWT, I am safe, right?

@cherish-ltt commented on GitHub (Mar 13, 2026): > A possible fix for a safe environment might be to do: `nano /etc/vikunja/config.yml` > > ``` > service: > # This secret secures your login sessions > jwtsecret: "CHANGETHISTOYOURSECRET" > # The duration of the issued JWT tokens in seconds (3 Days). > jwtttl: 259200 > # The duration of the "remember me" time in seconds (30 Days). > jwtttllong: 2592000 > # CHANGE THIS: Increase the short-lived token to 30 days (2592000) > jwtttlshort: 2592000 > ``` > > I'm testing it now and will follow up if there are any problems. > > Edit: restart server and then desktop app to apply the modified config file. 24 hours have passed, and the account has not automatically logged out. I think this issue can be closed now. Additionally, I have set jwtttl, jwtttllong, and jwtttlshort to 365 days. As long as I don't disclose the JWT, I am safe, right?
GiteaMirror commented 2026-03-22 14:13:42 -05:00
Author
Owner
Copy Link

@MajorMoth commented on GitHub (Mar 13, 2026):

is this something that's going to get pushed in an update or do we have to apply this config fix ourselves?

@MajorMoth commented on GitHub (Mar 13, 2026): is this something that's going to get pushed in an update or do we have to apply this config fix ourselves?
GiteaMirror commented 2026-03-22 14:13:43 -05:00
Author
Owner
Copy Link

@Kuphi commented on GitHub (Mar 13, 2026):

is this something that's going to get pushed in an update or do we have to apply this config fix ourselves?

My config is just a workaround. This bug should be reopened.

@Kuphi commented on GitHub (Mar 13, 2026): > is this something that's going to get pushed in an update or do we have to apply this config fix ourselves? My config is just a workaround. This bug should be reopened.
GiteaMirror commented 2026-03-22 14:13:43 -05:00
Author
Owner
Copy Link

@cherish-ltt commented on GitHub (Mar 13, 2026):

is this something that's going to get pushed in an update or do we have to apply this config fix ourselves?

My config is just a workaround. This bug should be reopened.

reopened

@cherish-ltt commented on GitHub (Mar 13, 2026): > > is this something that's going to get pushed in an update or do we have to apply this config fix ourselves? > > My config is just a workaround. This bug should be reopened. reopened
GiteaMirror commented 2026-03-22 14:13:43 -05:00
Author
Owner
Copy Link

@MajorMoth commented on GitHub (Mar 16, 2026):

A possible fix for a safe environment might be to do: nano /etc/vikunja/config.yml

service:
  # This secret secures your login sessions
  jwtsecret: "CHANGETHISTOYOURSECRET"
  # The duration of the issued JWT tokens in seconds (3 Days).
  jwtttl: 259200
  # The duration of the "remember me" time in seconds (30 Days).
  jwtttllong: 2592000
  # CHANGE THIS: Increase the short-lived token to 30 days (2592000)
  jwtttlshort: 2592000

I'm testing it now and will follow up if there are any problems.

Edit: restart server and then desktop app to apply the modified config file.

So, for me the android app doesn't log out, but my desktop app does. I applied the config, and the desktop app keeps logging out while the android app stays logged in. I'm so confused.

@MajorMoth commented on GitHub (Mar 16, 2026): > A possible fix for a safe environment might be to do: `nano /etc/vikunja/config.yml` > > ``` > service: > # This secret secures your login sessions > jwtsecret: "CHANGETHISTOYOURSECRET" > # The duration of the issued JWT tokens in seconds (3 Days). > jwtttl: 259200 > # The duration of the "remember me" time in seconds (30 Days). > jwtttllong: 2592000 > # CHANGE THIS: Increase the short-lived token to 30 days (2592000) > jwtttlshort: 2592000 > ``` > > I'm testing it now and will follow up if there are any problems. > > Edit: restart server and then desktop app to apply the modified config file. So, for me the android app doesn't log out, but my desktop app does. I applied the config, and the desktop app keeps logging out while the android app stays logged in. I'm so confused.
GiteaMirror commented 2026-03-22 14:13:45 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Mar 16, 2026):

There have been a few changes recently that should improve this, can you check if the same happens with an unstable build?

@kolaente commented on GitHub (Mar 16, 2026): There have been a few changes recently that should improve this, can you check if the same happens with an unstable build?
GiteaMirror commented 2026-03-22 14:13:45 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Mar 16, 2026):

Changing service.jwtttlshort is a workaround that will make your security significantly worse. When you log out on all devices, your sessions will stay active for at most whatever you set there.

So no, we won't change the default config.

@kolaente commented on GitHub (Mar 16, 2026): Changing `service.jwtttlshort` is a workaround that will make your security significantly worse. When you log out on all devices, your sessions will stay active for at most whatever you set there. So no, we won't change the default config.
GiteaMirror commented 2026-03-22 14:13:45 -05:00
Author
Owner
Copy Link

@MajorMoth commented on GitHub (Mar 16, 2026):

There have been a few changes recently that should improve this, can you check if the same happens with an unstable build?

Let me preface with the fact I'm new to selfhosting.
I have Vikunja running on TrueNAS Scale, how would I go about changing the version to an unstable build? I'm currently on v2.0.8

@MajorMoth commented on GitHub (Mar 16, 2026): > There have been a few changes recently that should improve this, can you check if the same happens with an unstable build? Let me preface with the fact I'm new to selfhosting. I have Vikunja running on TrueNAS Scale, how would I go about changing the version to an unstable build? I'm currently on v2.0.8
GiteaMirror commented 2026-03-22 14:13:46 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Mar 17, 2026):

There is no Vikunja v2.0.8, that's probably the installation package from TrueNAS?

I have no idea how they do it, you'll probably need to check their docs or ask in a forum.

@kolaente commented on GitHub (Mar 17, 2026): There is no Vikunja v2.0.8, that's probably the installation package from TrueNAS? I have no idea how they do it, you'll probably need to check their docs or ask in a forum.
GiteaMirror commented 2026-03-22 14:13:47 -05:00
Author
Owner
Copy Link

@MajorMoth commented on GitHub (Mar 17, 2026):

There is no Vikunja v2.0.8, that's probably the installation package from TrueNAS?

I have no idea how they do it, you'll probably need to check their docs or ask in a forum.

I just upgraded again, here's how it looks in the web ui
I will let you know if I'm still getting logged out.
EDIT: Yeah, still getting logged out.

Image
@MajorMoth commented on GitHub (Mar 17, 2026): > There is no Vikunja v2.0.8, that's probably the installation package from TrueNAS? > > I have no idea how they do it, you'll probably need to check their docs or ask in a forum. I just upgraded again, here's how it looks in the web ui I will let you know if I'm still getting logged out. EDIT: Yeah, still getting logged out. <img width="446" height="313" alt="Image" src="https://github.com/user-attachments/assets/7346ef4c-5e1f-488b-bfd6-ad783b35a5f5" />
GiteaMirror commented 2026-03-22 14:13:48 -05:00
Author
Owner
Copy Link

@MajorMoth commented on GitHub (Mar 21, 2026):

There have been a few changes recently that should improve this, can you check if the same happens with an unstable build?

I upgraded to v2.2.0 of the desktop app and it still logs me out

@MajorMoth commented on GitHub (Mar 21, 2026): > There have been a few changes recently that should improve this, can you check if the same happens with an unstable build? I upgraded to v2.2.0 of the desktop app and it still logs me out
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
area/api
area/attachments
area/auth
area/avatars
area/backup-restore
area/caldav
area/calendar-view
area/comments
area/config
area/database
area/desktop
area/docker
area/email
area/favorites
area/filters
area/frontend
area/gantt
area/i18n
area/import-export
area/internal-code
area/kanban
area/labels
area/list-view
area/mobile
area/notifications
area/permissions
area/projects
area/pwa
area/recurring-tasks
area/reminders
area/search
area/shortcuts
area/subtasks
area/sync
area/table-view
area/task-editor
area/task-metadata
area/task-relations
area/teams
area/theming
area/time-tracking
area/typesense
area/views
area/webhooks
bug
changes requested
concern/accessibility
concern/performance
concern/regression
concern/ux
confirmed
db/mysql
dependencies
enhancement
good first issue
help wanted
integration/inbound
integration/outbound
kind/bug
kind/feature
needs reproduction
pull-request
Mirrored from GitHub Pull Request
 question
security
support
upstream issue
waiting for reply
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vikunja#2588
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?