[GH-ISSUE #2309] Sessions Expiring Quickly #6630

New Issue

Closed

opened 2026-04-20 17:13:26 -05:00 by GiteaMirror · 22 comments

GiteaMirror commented 2026-04-20 17:13:26 -05:00

Owner

Copy Link

Originally created by @eblount on GitHub (Feb 26, 2026).
Original GitHub issue: https://github.com/go-vikunja/vikunja/issues/2309

Pre-submission checklist

• I have searched for existing open or closed issue reports with the same problem.

Description

After upgrading the server and clients to version 2.0.0, sessions are expiring very quickly. I now have to log back in every hour or less, even when checking "Stay logged in". Any advice on this?

Vikunja Version

2.0.0

Browser and version

No response

Can you reproduce the bug on the Vikunja demo site?

No

Screenshots

No response

Originally created by @eblount on GitHub (Feb 26, 2026). Original GitHub issue: https://github.com/go-vikunja/vikunja/issues/2309 ### Pre-submission checklist - [x] I have searched for existing open or closed issue reports with the same problem. ### Description After upgrading the server and clients to version 2.0.0, sessions are expiring very quickly. I now have to log back in every hour or less, even when checking "Stay logged in". Any advice on this? ### Vikunja Version 2.0.0 ### Browser and version _No response_ ### Can you reproduce the bug on the Vikunja demo site? No ### Screenshots _No response_

GiteaMirror closed this issue 2026-04-20 17:13:26 -05:00

GiteaMirror commented 2026-04-20 17:13:27 -05:00

Author

Owner

Copy Link

@kolaente commented on GitHub (Feb 26, 2026):

How are you hosting Vikunja?

<!-- gh-comment-id:3969320766 --> @kolaente commented on GitHub (Feb 26, 2026): How are you hosting Vikunja?

GiteaMirror commented 2026-04-20 17:13:27 -05:00

Author

Owner

Copy Link

@eblount commented on GitHub (Feb 26, 2026):

@kolaente Proxmox, using the community script. So non-Docker, just a service. Pretty stock config.yml, only added mail config.

<!-- gh-comment-id:3969380363 --> @eblount commented on GitHub (Feb 26, 2026): @kolaente Proxmox, using the community script. So non-Docker, just a service. Pretty stock config.yml, only added mail config.

GiteaMirror commented 2026-04-20 17:13:28 -05:00

Author

Owner

Copy Link

@kolaente commented on GitHub (Feb 26, 2026):

Are you using a reverse proxy?

<!-- gh-comment-id:3969559076 --> @kolaente commented on GitHub (Feb 26, 2026): Are you using a reverse proxy?

GiteaMirror commented 2026-04-20 17:13:28 -05:00

Author

Owner

Copy Link

@eblount commented on GitHub (Feb 26, 2026):

@kolaente Yes, Caddy reverse proxy. Interestingly, it only seems to be an issue for the desktop/Android clients. The web client stays logged in fine, and that is running through the reverse proxy as well.

<!-- gh-comment-id:3969792436 --> @eblount commented on GitHub (Feb 26, 2026): @kolaente Yes, Caddy reverse proxy. Interestingly, it only seems to be an issue for the desktop/Android clients. The web client stays logged in fine, and that is running through the reverse proxy as well.

GiteaMirror commented 2026-04-20 17:13:29 -05:00

Author

Owner

Copy Link

@kolaente commented on GitHub (Feb 26, 2026):

Ah, that's a good hint - the Android client does not yet support the new refresh, that means tokens expire.

Did you update the desktop app?

<!-- gh-comment-id:3969799427 --> @kolaente commented on GitHub (Feb 26, 2026): Ah, that's a good hint - the Android client does not yet support the new refresh, that means tokens expire. Did you update the desktop app?

GiteaMirror commented 2026-04-20 17:13:29 -05:00

Author

Owner

Copy Link

@eblount commented on GitHub (Feb 26, 2026):

@kolaente I did, yes. Confirmed running 2.0.0. Two different Windows computers, both experiencing the issue.

<!-- gh-comment-id:3969805656 --> @eblount commented on GitHub (Feb 26, 2026): @kolaente I did, yes. Confirmed running 2.0.0. Two different Windows computers, both experiencing the issue.

GiteaMirror commented 2026-04-20 17:13:30 -05:00

Author

Owner

Copy Link

@CrazyWolf13 commented on GitHub (Mar 2, 2026):

@kolaente
I have the same issue on mobile (opened an issue here: https://github.com/go-vikunja/app/issues/238)

And today working on the desktop app again I also experience this issue, here I have to relogin after less than 15minutes.
Also authentik does no longer seem to keep the authentik session alive, means I have to compledtely re-sign in every 15 minutes or less, which makes vikunja barely usable at all!

Upon getting logged out I receive this:

Is a downgrade possible?

<!-- gh-comment-id:3982859754 --> @CrazyWolf13 commented on GitHub (Mar 2, 2026): @kolaente I have the same issue on mobile (opened an issue here: https://github.com/go-vikunja/app/issues/238) And today working on the desktop app again I also experience this issue, here I have to relogin after less than 15minutes. Also authentik does no longer seem to keep the authentik session alive, means I have to compledtely re-sign in every 15 minutes or less, which makes vikunja barely usable at all! Upon getting logged out I receive this: <img width="377" height="117" alt="Image" src="https://github.com/user-attachments/assets/7cb79fe1-f22d-4c2e-a253-c6209f8f9395" /> Is a downgrade possible?

GiteaMirror commented 2026-04-20 17:13:30 -05:00

Author

Owner

Copy Link

@kolaente commented on GitHub (Mar 2, 2026):

This sounds like the session refresh is not working correctly. To debug this, can you

1. open the dev tools (F12 in the browser, ctrl + shift + I on the desktop app)
2. filter for refresh (in the search bar)
3. leave it as is for 15 minutes
4. check if any of the refresh requests are failing

<!-- gh-comment-id:3982902564 --> @kolaente commented on GitHub (Mar 2, 2026): This sounds like the session refresh is not working correctly. To debug this, can you 1. open the dev tools (F12 in the browser, ctrl + shift + I on the desktop app) 2. filter for `refresh` (in the search bar) 3. leave it as is for 15 minutes 4. check if any of the refresh requests are failing

GiteaMirror commented 2026-04-20 17:13:30 -05:00

Author

Owner

Copy Link

@CrazyWolf13 commented on GitHub (Mar 2, 2026):

@kolaente
That is the whole process from login to getting logged out.

Also it seems to clear API URL each time, so I have to manually enter the URL each time.

<!-- gh-comment-id:3983080317 --> @CrazyWolf13 commented on GitHub (Mar 2, 2026): @kolaente That is the whole process from login to getting logged out. <img width="683" height="713" alt="Image" src="https://github.com/user-attachments/assets/79541d61-3c2f-4006-a76c-fba5e8b44405" /> Also it seems to clear API URL each time, so I have to manually enter the URL each time.

GiteaMirror commented 2026-04-20 17:13:31 -05:00

Author

Owner

Copy Link

@kolaente commented on GitHub (Mar 2, 2026):

What do you see in the network tab for the request to /api/v1/user/token/refresh? What's the server response?

<!-- gh-comment-id:3983518133 --> @kolaente commented on GitHub (Mar 2, 2026): What do you see in the network tab for the request to `/api/v1/user/token/refresh`? What's the server response?

GiteaMirror commented 2026-04-20 17:13:31 -05:00

Author

Owner

Copy Link

@Soused19 commented on GitHub (Mar 2, 2026):

Hello,
I have the same issue - i use desktop app (v 2.1.0)

<!-- gh-comment-id:3983635614 --> @Soused19 commented on GitHub (Mar 2, 2026): Hello, I have the same issue - i use desktop app (v 2.1.0) <img width="341" height="135" alt="Image" src="https://github.com/user-attachments/assets/0379a519-b660-41f1-8ae6-8455d178e48c" /> <img width="753" height="712" alt="Image" src="https://github.com/user-attachments/assets/07fd4fc1-4fc5-472d-9317-a6a0231dd71d" />

GiteaMirror commented 2026-04-20 17:13:31 -05:00

Author

Owner

Copy Link

@CrazyWolf13 commented on GitHub (Mar 2, 2026):

Response is:

{"message":"No refresh token provided."}

<!-- gh-comment-id:3984236978 --> @CrazyWolf13 commented on GitHub (Mar 2, 2026): Response is: ```json {"message":"No refresh token provided."} ````

GiteaMirror commented 2026-04-20 17:13:32 -05:00

Author

Owner

Copy Link

@vikunja-bot-app[bot] commented on GitHub (Mar 2, 2026):

This issue has been fixed in 28f98a7, please check with the next unstable build (should be ready for deployment in ~30min, also on the demo).

<!-- gh-comment-id:3984278500 --> @vikunja-bot-app[bot] commented on GitHub (Mar 2, 2026): This issue has been fixed in [`28f98a7`](https://api.github.com/repos/go-vikunja/vikunja/commits/28f98a7a968ca5ee1d00db1fce02bb26b61cd410), please check with the next unstable build (should be ready for deployment in ~30min, also on [the demo](https://try.vikunja.io)).

GiteaMirror commented 2026-04-20 17:13:32 -05:00

Author

Owner

Copy Link

@CrazyWolf13 commented on GitHub (Mar 2, 2026):

@kolaente I just wanted to try out the unstable, but there seems to be no new release:

Last one was from like 6h ago, commit was 2h ago

<!-- gh-comment-id:3985009963 --> @CrazyWolf13 commented on GitHub (Mar 2, 2026): @kolaente I just wanted to try out the unstable, but there seems to be no new release: <img width="1676" height="181" alt="Image" src="https://github.com/user-attachments/assets/07144549-06df-4c26-95f3-4e52931dc3c8" /> Last one was from like 6h ago, commit was 2h ago

GiteaMirror commented 2026-04-20 17:13:33 -05:00

Author

Owner

Copy Link

@CrazyWolf13 commented on GitHub (Mar 3, 2026):

@kolaente Seems like a new image is available, but this fully broke the app for me:

Log:

Mar 03 13:39:11 vikunja vikunja[24172]: time=2026-03-03T13:39:11.015+01:00 level=ERROR msg="invalid claim data for field email of type missing"
Mar 03 13:39:11 vikunja vikunja[24172]: time=2026-03-03T13:39:11.016+01:00 level=INFO msg="[SQL] SELECT `id`, `name`, `username`, `password`, `email`, `status`, `avatar_provider`, `avatar_file_id`, `issuer`, `subject`, `email_reminders_enabled`, `discoverable_by_name`, `discoverable_by_email`, `overdue_tasks_reminders_enabled`, `overdue_tasks_reminders_time`, `default_project_id`, `week_start`, `language`, `timezone`, `deletion_scheduled_at`, `deletion_last_reminder_sent`, `frontend_settings`, `extra_settings_links`, `export_file_id`, `created`, `updated` FROM `users` WHERE `username`=? LIMIT 1 [honestly-golden-condor] - 87.601µs" component=database

<!-- gh-comment-id:3990761425 --> @CrazyWolf13 commented on GitHub (Mar 3, 2026): @kolaente Seems like a new image is available, but this fully broke the app for me: <img width="1306" height="692" alt="Image" src="https://github.com/user-attachments/assets/ffb7e679-b62f-4894-8437-ee45380b3fe5" /> Log: ```bash Mar 03 13:39:11 vikunja vikunja[24172]: time=2026-03-03T13:39:11.015+01:00 level=ERROR msg="invalid claim data for field email of type missing" Mar 03 13:39:11 vikunja vikunja[24172]: time=2026-03-03T13:39:11.016+01:00 level=INFO msg="[SQL] SELECT `id`, `name`, `username`, `password`, `email`, `status`, `avatar_provider`, `avatar_file_id`, `issuer`, `subject`, `email_reminders_enabled`, `discoverable_by_name`, `discoverable_by_email`, `overdue_tasks_reminders_enabled`, `overdue_tasks_reminders_time`, `default_project_id`, `week_start`, `language`, `timezone`, `deletion_scheduled_at`, `deletion_last_reminder_sent`, `frontend_settings`, `extra_settings_links`, `export_file_id`, `created`, `updated` FROM `users` WHERE `username`=? LIMIT 1 [honestly-golden-condor] - 87.601µs" component=database ```

GiteaMirror commented 2026-04-20 17:13:33 -05:00

Author

Owner

Copy Link

@kolaente commented on GitHub (Mar 3, 2026):

is this when logging in via oauth? Does it work in a private tab?

<!-- gh-comment-id:3990878714 --> @kolaente commented on GitHub (Mar 3, 2026): is this when logging in via oauth? Does it work in a private tab?

GiteaMirror commented 2026-04-20 17:13:34 -05:00

Author

Owner

Copy Link

@CrazyWolf13 commented on GitHub (Mar 3, 2026):

@kolaente It was before the login process even started.

Yeah it seems like after roughly 15 minutes it's working again.

However the desktop app seems to be faulty too:
version: latest unstable (as of 10 minutes ago)

<!-- gh-comment-id:3990896502 --> @CrazyWolf13 commented on GitHub (Mar 3, 2026): @kolaente It was before the login process even started. Yeah it seems like after roughly 15 minutes it's working again. However the desktop app seems to be faulty too: version: latest unstable (as of 10 minutes ago) <img width="1271" height="847" alt="Image" src="https://github.com/user-attachments/assets/da2a43fd-4f19-4e8b-a4e2-91b633e6356a" />

GiteaMirror commented 2026-04-20 17:13:35 -05:00

Author

Owner

Copy Link

@kolaente commented on GitHub (Mar 3, 2026):

Did you change anything about the CORS settings on your server?

<!-- gh-comment-id:3991046306 --> @kolaente commented on GitHub (Mar 3, 2026): Did you change anything about the CORS settings on your server?

GiteaMirror commented 2026-04-20 17:13:35 -05:00

Author

Owner

Copy Link

@CrazyWolf13 commented on GitHub (Mar 3, 2026):

@kolaente I changed absolutely nothing in the config.

current settings:

cors:
  # Whether to enable or disable cors headers.
  # Note: If you want to put the frontend and the api on separate domains or ports, you will need to enable this.
  #       Otherwise the frontend won't be able to make requests to the api through the browser.
  enable: true
  # A list of origins which may access the api. These need to include the protocol (`http://` or `https://`) and port, if any.
  origins:
    - "*"
  # How long (in seconds) the results of a preflight request can be cached.
  maxage: 0

<!-- gh-comment-id:3991096957 --> @CrazyWolf13 commented on GitHub (Mar 3, 2026): @kolaente I changed absolutely nothing in the config. current settings: ```yaml cors: # Whether to enable or disable cors headers. # Note: If you want to put the frontend and the api on separate domains or ports, you will need to enable this. # Otherwise the frontend won't be able to make requests to the api through the browser. enable: true # A list of origins which may access the api. These need to include the protocol (`http://` or `https://`) and port, if any. origins: - "*" # How long (in seconds) the results of a preflight request can be cached. maxage: 0 ```

GiteaMirror commented 2026-04-20 17:13:36 -05:00

Author

Owner

Copy Link

@eblount commented on GitHub (Mar 4, 2026):

@kolaente Android app seems to be working! Thanks! Any chance we can get an updated desktop app release soon, please?

<!-- gh-comment-id:3998135279 --> @eblount commented on GitHub (Mar 4, 2026): @kolaente Android app seems to be working! Thanks! Any chance we can get an updated desktop app release soon, please?

GiteaMirror commented 2026-04-20 17:13:36 -05:00

Author

Owner

Copy Link

@kolaente commented on GitHub (Mar 4, 2026):

@CrazyWolf13 does it work in a private tab?

@eblount There's a release scheduled for next week, until then you can use the unstable builds.

<!-- gh-comment-id:4000623085 --> @kolaente commented on GitHub (Mar 4, 2026): @CrazyWolf13 does it work in a private tab? @eblount There's a release scheduled for next week, until then you can use the unstable builds.

GiteaMirror commented 2026-04-20 17:13:37 -05:00

Author

Owner

Copy Link

@CrazyWolf13 commented on GitHub (Mar 5, 2026):

@kolaente I think I've gotten a broken unstable build.
As of unstable yesterday, everything seems to be working fine :D

<!-- gh-comment-id:4002797267 --> @CrazyWolf13 commented on GitHub (Mar 5, 2026): @kolaente I think I've gotten a broken unstable build. As of unstable yesterday, everything seems to be working fine :D

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

renovate/dev-dependencies

claude/explore-quick-add-related-tasks-EDxUB

claude/analyze-beans-project-9VxoS

feat-huma-api-v2-migration

feat-v2-foundation

spike-huma-openapi3

claude/investigate-swagger3-support-nyyUa

feat-list-view-buckets

ci-mysql-8-test

codex/analyze-codebase-for-email-task-feature

feat-project-templates

csv-import-feature

claude/email-reply-comments-wpdcQ

fix-oidc-pkce-support

fix/overview-subtasks-expand

feat/bucket-select-task-detail

feat-soft-delete-projects

claude/review-bot-design-plan-cf5C3

claude/project-scoped-api-tokens-KTqR3

claude/explore-openclaw-integration-KQEzg

claude/project-scoped-api-tokens-yv5KS

fix-duplicate-close-button

feat-list-view-sorting

feat/official-vite-sentry-plugin

feat/highlight-overdue-tasks

feat/add-enter-key-form-submission-handling

feat/TipTap-nits

feat/update-caldavtimetotimestamp-parsing

feat-phosphor-icons

wip-plans

claude/investigate-issue-2173-llKme

fix-description-text-drag

feat-custom-keyboard-shortcuts

pr-1845-ci

codex/fix-drag-and-drop-behavior-inconsistency

copilot/add-clickable-labels-for-filtering

copilot/fix-issue-1786

playwright-migration

fix-kanban-repeating-wip

copilot/fix-1498

feature/replace-axios

codex/upgrade-to-tailwind-4.1.8-using-pnpm

codex/add-cypress-test-for-avatar-types

feature/biome

feature/oxc

codex/update-flexsearch-to-0.8.205

4r6ni9-codex/fix-deprecated-sass-@import-usage

codex/fix-deprecated-sass-@import-usage

codex/add-cypress-test-for-task-list-refresh-fix

codex/fix-quick-add-magic-not-adding-tasks

codex/fix-all-type-errors

codex/fix-mimetype-for-docs.json

feature/caldav-from-scratch

feature/gh-actions-hetzner

fix-ci

feat/new-logger

jyte-better-dev-config

feat/add-team-member-with-enter

fix/button-and-icon-types

fix/notifications-component-name-collision

feature/null-time

renovate/tailwindcss-4.x

feature/unplugin-vue-router

fix/deprecated-import

feature/zod-schema

renovate/golangci-golangci-lint-1.x

fix/tiptap-editor-reactive-destructuring

release/0.24

feat/improve-add-task

fix/saved-filter-search

feat/webp-and-avif-attachment-previews

feature/migrate-back-to-bulma

fix/sass-add-missing-list-import

feature/sticky-demo-bar

fix/gantt-view-switch

feature/typesense-position-join

feature/focus-visible

dependencies/golangci-lint

feature/better-filter-syntax

fix/tiptap-task-list

renovate/github.com-golang-jwt-jwt-v4-5.x

feature/hide-forbidden-related-tasks

renovate/golang-1.x

release/0.20

release/0.17

release/0.16

release/0.15

release/0.14

v2.3.0

v2.2.2

v2.2.1

v2.2.0

v2.1.0

v2.0.0

v1.1.0

v1.0.0

v1.0.0-rc4

v1.0.0-rc3

v1.0.0-rc2

v1.0.0-rc1

v1.0.0-rc0

v0.24.6

v0.24.5

v0.24.4

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.0

v0.22.1

v0.22.0

0.21.0

v0.21.0

v0.20.4

v0.20.5

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.2

v0.19.1

v0.19.0

vue3

v0.18.1

v0.18.0

v0.17.1

v0.17.0

v0.16.1

v0.16.0

v0.15.1

v0.15.0

v0.14.1

v0.14.0

v0.13.1

v0.13

v0.12

v0.11

v0.10

v0.9

v0.8

v0.7

v0.6

v0.5

v0.4

v0.3

v0.2

v0.1

Labels

Clear labels

area/api

area/attachments

area/auth

area/avatars

area/backup-restore

area/caldav

area/calendar-view

area/comments

area/config

area/database

area/desktop

area/docker

area/email

area/favorites

area/filters

area/frontend

area/gantt

area/i18n

area/import-export

area/internal-code

area/kanban

area/labels

area/list-view

area/mobile

area/notifications

area/permissions

area/projects

area/pwa

area/recurring-tasks

area/reminders

area/search

area/shortcuts

area/subtasks

area/sync

area/table-view

area/task-editor

area/task-metadata

area/task-relations

area/teams

area/theming

area/time-tracking

area/typesense

area/views

area/webhooks

bug

changes requested

concern/accessibility

concern/performance

concern/regression

concern/ux

confirmed

db/mysql

dependencies

enhancement

good first issue

help wanted

integration/inbound

integration/outbound

kind/bug

kind/feature

needs reproduction

pull-request

Mirrored from GitHub Pull Request

question

security

support

upstream issue

waiting for reply

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/vikunja#6630