[GH-ISSUE #8254 ] [Bug] Frequent login prompts #3692

mirror commented

Author

Owner

@annieappflowy commented on GitHub (Oct 5, 2025):

The session lasts for 1 week, and it will refresh every time you open the app.

Can you share the log file so we can take a closer look into this issue?

How to export logs:

Settings -> Manage data -> Export log files

@annieappflowy commented on GitHub (Oct 5, 2025): The session lasts for 1 week, and it will refresh every time you open the app. Can you share the log file so we can take a closer look into this issue? How to export logs: Settings -> Manage data -> Export log files

mirror commented

Author

Owner

@lalomartins commented on GitHub (Oct 5, 2025):

Hi Annie.

A week is way too short for an app. I don't think I have any other apps that log me out that often (other than banks, password managers, and stuff, and those make it easy to reauthenticate with biometrics).

@lalomartins commented on GitHub (Oct 5, 2025): Hi Annie. A week is way too short for an app. I don't think I have any other apps that log me out that often (other than banks, password managers, and stuff, and those make it easy to reauthenticate with biometrics).

mirror commented

Author

Owner

@lalomartins commented on GitHub (Oct 5, 2025):

While we're at it — AppFlowy is particularly egregious because it's also not compatible with my password manager (or probably, with any). I have to manually open the password manager to copy the password, or open the email client for the magic link. This creates a lot of friction when I just wanted to jot down a quick note, at which point I might have forgotten what I wanted to write, or worse maybe I just wanted to check a note and this ended up taking more time than would be reasonable. If I was still evaluating the app, this friction would push me to just use other alternatives instead.

@lalomartins commented on GitHub (Oct 5, 2025): While we're at it — AppFlowy is particularly egregious because it's also not compatible with my password manager (or probably, with any). I have to manually open the password manager to copy the password, or open the email client for the magic link. This creates a lot of friction when I just wanted to jot down a quick note, at which point I might have forgotten what I wanted to write, or worse maybe I just wanted to *check* a note and this ended up taking more time than would be reasonable. If I was still evaluating the app, this friction would push me to just use other alternatives instead.

mirror commented

Author

Owner

@annieappflowy commented on GitHub (Oct 5, 2025):

If you open it every week, it will keep you logged in. The one-week expiry only applies when you don’t use it weekly.

@annieappflowy commented on GitHub (Oct 5, 2025): If you open it every week, it will keep you logged in. The one-week expiry only applies when you don’t use it weekly.

mirror commented

Author

Owner

@annieappflowy commented on GitHub (Oct 5, 2025):

Not following the above mentioned logic is for sure a bug we should look into.

@annieappflowy commented on GitHub (Oct 5, 2025): Not following the above mentioned logic is for sure a bug we should look into.

mirror commented

Author

Owner

@lalomartins commented on GitHub (Oct 5, 2025):

I see. Then maybe my problem is using multiple apps? 🤔 But IDK, I'm pretty sure I used my desktop app less than a week ago on the personal PC. Also… can't possibly have been a week on mobile? Maybe I'm just old 😹

I'm not comfortable uploading the logs here as I see they have private data. I can email them if you think it's helpful, but here are the lines that look relevant:

{"msg":"[LIST_WORKSPACE_MENTIONABLE_PERSONS - END]","time":"10-04 18:50:42","target":"client_api::http_person","elapsed_milliseconds":840}
{"msg":"[GET_SERVER_INFO - END]","time":"10-04 18:50:42","target":"client_api::http","elapsed_milliseconds":872}
{"msg":"Failed to get shared page details: FlowyError { code: UserUnauthorized, msg: \"fail to decode token, error:ExpiredSignature\", payload: [] }","time":"10-04 18:50:42","target":"flowy_folder::manager"}
{"msg":"[GET_PROFILE - EVENT] client_api::http","time":"10-04 18:50:42","target":"client_api::http","error":"code:UserUnAuthorized msg: fail to decode token, error:ExpiredSignature"}
{"msg":"[GET_PROFILE - END]","time":"10-04 18:50:42","target":"client_api::http","elapsed_milliseconds":832}
{"msg":"User is unauthorized, sign out the user","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager"}
{"msg":"[🟢 SIGN_OUT - START]","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","notify":true}
{"msg":"[🟢 SIGN_OUT - START]","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","notify":true}
{"msg":"[SIGN_OUT - EVENT] [Sign out] Sign out user: 379610030451724288","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","notify":true}
{"msg":"[🟢 REMOVE_USER_TOKEN - START]","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","notify":true}
{"msg":"[REMOVE_USER_TOKEN - END]","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","elapsed_milliseconds":2,"notify":true}
{"msg":"[SIGN_OUT - EVENT] [Sign out] Close user related database: 379610030451724288","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","notify":true}
{"msg":"[SIGN_OUT - EVENT] remove session: Some(Session { user_id: 379610030451724288, user_uuid: b8754841-b543-4a07-afb8-993ee1680465, workspace_id: \"2c10e133-5a7c-4a93-b117-1cad15deeba6\" })","time":"10-04 18:50:42","target":"flowy_user::services::authenticate_user","notify":true}
{"msg":"[SIGN_OUT - END]","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","elapsed_milliseconds":7,"notify":true}
{"msg":"[SIGN_OUT - END]","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","elapsed_milliseconds":7,"notify":true}
{"msg":"flowy_user::user_manager::manager","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","error":"code:Unauthorized user, message:fail to decode token, error:ExpiredSignature"}
{"msg":"[ON_LAUNCH_IF_AUTHENTICATED - EVENT] flowy_core::server_layer","time":"10-04 18:50:42","target":"flowy_core::server_layer","error":"code:Record not found, message:Can't find user session. Please login again"}

Personally I still think a week might be a little rough for an app, for use cases like this — where one or more of the app instances are secondary and therefore used less often. Maybe a month or so would be better? A week (or even 2 days) sounds reasonable for the web version, not for an app.

Meanwhile, it would be nice to make sure the login flow is compatible with password managers on mobile. Should I make a separate ticket for that?

@lalomartins commented on GitHub (Oct 5, 2025): I see. Then maybe my problem is using multiple apps? 🤔 But IDK, I'm pretty sure I used my desktop app less than a week ago on the personal PC. Also… can't possibly have been a week on mobile? Maybe I'm just old 😹 I'm not comfortable uploading the logs here as I see they have private data. I can email them if you think it's helpful, but here are the lines that look relevant: ```json {"msg":"[LIST_WORKSPACE_MENTIONABLE_PERSONS - END]","time":"10-04 18:50:42","target":"client_api::http_person","elapsed_milliseconds":840} {"msg":"[GET_SERVER_INFO - END]","time":"10-04 18:50:42","target":"client_api::http","elapsed_milliseconds":872} {"msg":"Failed to get shared page details: FlowyError { code: UserUnauthorized, msg: \"fail to decode token, error:ExpiredSignature\", payload: [] }","time":"10-04 18:50:42","target":"flowy_folder::manager"} {"msg":"[GET_PROFILE - EVENT] client_api::http","time":"10-04 18:50:42","target":"client_api::http","error":"code:UserUnAuthorized msg: fail to decode token, error:ExpiredSignature"} {"msg":"[GET_PROFILE - END]","time":"10-04 18:50:42","target":"client_api::http","elapsed_milliseconds":832} {"msg":"User is unauthorized, sign out the user","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager"} {"msg":"[🟢 SIGN_OUT - START]","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","notify":true} {"msg":"[🟢 SIGN_OUT - START]","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","notify":true} {"msg":"[SIGN_OUT - EVENT] [Sign out] Sign out user: 379610030451724288","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","notify":true} {"msg":"[🟢 REMOVE_USER_TOKEN - START]","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","notify":true} {"msg":"[REMOVE_USER_TOKEN - END]","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","elapsed_milliseconds":2,"notify":true} {"msg":"[SIGN_OUT - EVENT] [Sign out] Close user related database: 379610030451724288","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","notify":true} {"msg":"[SIGN_OUT - EVENT] remove session: Some(Session { user_id: 379610030451724288, user_uuid: b8754841-b543-4a07-afb8-993ee1680465, workspace_id: \"2c10e133-5a7c-4a93-b117-1cad15deeba6\" })","time":"10-04 18:50:42","target":"flowy_user::services::authenticate_user","notify":true} {"msg":"[SIGN_OUT - END]","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","elapsed_milliseconds":7,"notify":true} {"msg":"[SIGN_OUT - END]","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","elapsed_milliseconds":7,"notify":true} {"msg":"flowy_user::user_manager::manager","time":"10-04 18:50:42","target":"flowy_user::user_manager::manager","error":"code:Unauthorized user, message:fail to decode token, error:ExpiredSignature"} {"msg":"[ON_LAUNCH_IF_AUTHENTICATED - EVENT] flowy_core::server_layer","time":"10-04 18:50:42","target":"flowy_core::server_layer","error":"code:Record not found, message:Can't find user session. Please login again"} ``` Personally I still think a week might be a little rough for an app, for use cases like this — where one or more of the app instances are secondary and therefore used less often. Maybe a month or so would be better? A week (or even 2 days) sounds reasonable for the web version, not for an app. Meanwhile, it would be nice to make sure the login flow is compatible with password managers on mobile. Should I make a separate ticket for that?

mirror commented

Author

Owner

@annieappflowy commented on GitHub (Oct 5, 2025):

We will take a look at why the pwd manager doesn't work on the login screen.

Could you please send the log file to support at appflowy.io?

Thank you so much for providing the feedback.

@annieappflowy commented on GitHub (Oct 5, 2025): We will take a look at why the pwd manager doesn't work on the login screen. Could you please send the log file to support at appflowy.io? Thank you so much for providing the feedback.

mirror commented

Author

Owner

@lalomartins commented on GitHub (Oct 5, 2025):

Wait, my debugging senses are tingling, I have a wild hypothesis.

Does it only renew the token when I launch the app? Because I'm one of those hibernate users, so typically I'll launch it and leave it running for days. I usually only fully shutdown when I leave town, and only reboot when there's a windows update (or something else asking me to reboot, and then I do it groaning and grumbling). So… next time I reboot and launch the app, it will be almost certainly more than a week since I did it for the first time, even though I was actively using it just a couple of hours ago.

@lalomartins commented on GitHub (Oct 5, 2025): Wait, my debugging senses are tingling, I have a wild hypothesis. Does it only renew the token when I *launch* the app? Because I'm one of those hibernate users, so typically I'll launch it and leave it running for days. I usually only fully shutdown when I leave town, and only reboot when there's a windows update (or something else asking me to reboot, and then I do it groaning and grumbling). So… next time I reboot and launch the app, it will be almost certainly more than a week since I did it for the first time, even though I was actively using it just a couple of hours ago.

mirror commented

Author

Owner

@zmascetta commented on GitHub (Oct 7, 2025):

I am also experiencing this. I haven't formally timed it, but it seems if I go more than 24 hours without opening the app, it will terminate my session and force me to log in again. I am on Fedora Kinoite, app version 0.10.0 (Flatpak version).

@zmascetta commented on GitHub (Oct 7, 2025): I am also experiencing this. I haven't formally timed it, but it seems if I go more than 24 hours without opening the app, it will terminate my session and force me to log in again. I am on Fedora Kinoite, app version 0.10.0 (Flatpak version).

mirror commented

Author

Owner

@appflowy commented on GitHub (Oct 8, 2025):

@lalomartins Could you share your device logs with me? If so, please send them to me directly on Discord.
When a token is refreshed, you should see a log message like: “Token is about to expire xxx.”

@appflowy commented on GitHub (Oct 8, 2025): @lalomartins Could you share your device logs with me? If so, please send them to me directly on Discord. When a token is refreshed, you should see a log message like: “Token is about to expire xxx.”

mirror commented

Author

Owner

@vendornet commented on GitHub (Oct 8, 2025):

I have the same issue. I am self hosting with the latest versions of the docker containers - 0.9.139. I have the issue with the app on Mac (0.10.0) and iPhone (0.10.1).

The issues started 2-3 weeks ago after version 0.9.8 I believe of the apps.

It might be related to bug in the refresh token or something else like dropping the session all together.

Edit: The web version works as expected and stays logged in.

@vendornet commented on GitHub (Oct 8, 2025): I have the same issue. I am self hosting with the latest versions of the docker containers - 0.9.139. I have the issue with the app on Mac (0.10.0) and iPhone (0.10.1). The issues started 2-3 weeks ago after version 0.9.8 I believe of the apps. It might be related to bug in the refresh token or something else like dropping the session all together. Edit: The web version works as expected and stays logged in.

mirror commented

Author

Owner

@rebelist commented on GitHub (Oct 8, 2025):

Same here, I open the client macos app daily but got prompted with password more often recently. So there can be an issue with the refresh token.

@rebelist commented on GitHub (Oct 8, 2025): Same here, I open the client macos app daily but got prompted with password more often recently. So there can be an issue with the refresh token.

mirror commented

Author

Owner

@lalomartins commented on GitHub (Oct 8, 2025):

@appflowy sorry for the late reply, I was moving and only now I got my PC set up again. Good news is since I haven't opened AppFlowy on the phone in a few days, there's a good chance it will manifest again. Can you DM me on discord what logs you want and how to get them? (Link is fine.) I'll hold on opening the app until then.

@lalomartins commented on GitHub (Oct 8, 2025): @appflowy sorry for the late reply, I was moving and only now I got my PC set up again. Good news is since I haven't opened AppFlowy on the phone in a few days, there's a good chance it will manifest again. Can you DM me on discord what logs you want and how to get them? (Link is fine.) I'll hold on opening the app until then.

mirror commented

Author

Owner

@appflowy commented on GitHub (Oct 9, 2025):

@lalomartins I will build a debug package for you. You can have a try. The logout issue should be fixed.

@appflowy commented on GitHub (Oct 9, 2025): @lalomartins I will build a debug package for you. You can have a try. The logout issue should be fixed.

mirror commented

Author

Owner

@vendornet commented on GitHub (Oct 19, 2025):

@appflowy I have downloaded the latest iOS client 0.10.2(3) and the issue seems to be resolved. Con you push the update to the desktop clients as well?

@vendornet commented on GitHub (Oct 19, 2025): @appflowy I have downloaded the latest iOS client 0.10.2(3) and the issue seems to be resolved. Con you push the update to the desktop clients as well?

mirror commented