Firefox Bitwarden extensions constantly logging me out

[matteematt]

Steps To Reproduce

Until a week or so ago, when I use the browser every day bitwarden stays logged in for long periods of time.

Expected Result

bitwarden stays logged in for long periods of time.

Actual Result

Bitwarden is logging me out almost every day

Screenshots or Videos

No response

Additional Context

This has only started recently. Once logged in I set it to be unlocked with PIN without needing master pasword again. Usually when I go on my laptop each day it would stay logged in, but now it keeps logging me out. The desktop application and the application on my phone is not having this issue

Operating System

macOS

Operating System Version

14.4.1 (23E224)

Web Browser

Firefox

Browser Version

124.0.2 (64-bit)

Build Version

2024.4.1

Issue Tracking Info

• [X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

[Krychaz]

Hello there,

Can you please share your timeout action and settings within your Bitwarden extension?

[matteematt]

Hi @Krychaz

[mervynfoxe]

+1, I've been seeing the same behavior for the past week and a half or so. Same environment, MacOS 14.4.1, FIrefox 124.0.2, BW extension 2024.4.1 (I don't have the issue on Chrome 123 on a separate 14.4.1 mac, nor with Chrome on Windows 11).

Assuming the same cause, it looks like the extension is locking but not performing a full logout (email is pre-filled and I am asked for my password, but not prompted for 2FA).

These are my set security settings, but when this issue pops up it unchecks the "Unlock with PIN" option and I have to set a new PIN.

[matteematt]

Yeah to be clear the browser extension isn't doing this on Chrome (and it seemed ok on Firefox on Linux too, but I have not used that as much recently to be certain).

On the browsers where I see the issue it doesn't do it every day, as today is ok. But it is happening across multiple profiles I have on the firefox browser on Mac

[Krychaz]

Thank you.

I have passed this issue to our engineering team.

[scottwallacesh]

Happens with Firefox on Linux too, if that helps.

[UplandsDynamic]

Same here. I've got Vault Timeout set to 'never'. Vault Timeout option is 'lock'. Environment is Firefox (currently version 125.0.2) and MacOS Sonoma 14.4.1.

[seetowsh]

I'm encountering the same problem on Firefox 125.0.2 x64, Windows 11 23H2

[arborealoctopus]

same here, multiple machines. between this and the biometrics-take-5-tries bug introduced 2 years ago and never fixed, bitwarden has really become a bit of a disappointment. I've stopped recommending it to people, personally, which is sad after so many years of quality product.

[jcbeck37]

Seeing this as well the past week. Windows 11 23H2 Firefox 125.0.2 BitWarden 2024.4.1

Set to "never" logout, but may be happening when computer goes to sleep and resumes. Not sure. Or maybe when restarting browser. Tried "remember email" but that setting seemed to be lost. It's not like the extension is 100% reset; after logging back in, I saw that it was still set to "never" timeout, and to Unlock with PIN. It's just finding a way to be logged out anyway.

[SergeantConfused]

Hello everyone,

I wanted to let you all know that I understand what you're all referring to, as I've experienced this myself a few times in the past 2 weeks on my Windows 11 Pro machine with Firefox. We're looking into this matter internally at this stage.

I thank you in advance for your understanding and patience,

[trmartin4]

Hello,

We believe we have identified the root cause of this issue and plan to address it in the upcoming release of the Firefox extension. Due to ongoing release preparation and the store submission process we cannot guarantee a date for this new version to be available, but it will be provided as soon as possible. Thank you for your patience.

[pwseo]

Also happens on Firefox ESR (currently 115.10) on Linux (debian 12, in my case). It's becoming very inconvenient, every other day I have to log in again, input 2fa (yes, I am being fully logged out every time this happens), set PIN again; This isn't the first time something like this happens: a few months ago, the Firefox extension also lost the ability to set a PIN (among other more subtle things).

[dbeilin]

I'm wondering why this doesn't happen on my PC. I'm logged in to my vault on both my work Macbook (Sonoma 14.4.1) and my home PC (Windows 11 23H2) but I'm only signed out on my Mac. On both machines I use Firefox 125.0.3 and the timeout settings are the same.

[good-lly]

Still happening on my extension version: 2024.4.2 + Mac FF 125.0.3

[Atemu]

I haven't experienced this in a few days using 2024.4.2 with Firefox 125.0.3 on two Linux machines.

[mcguirepat]

I share @good-lly's experience, but running on Windows: I also experienced the logout with 2024.4.2 on Firefox 125.0.3 on Windows 10 today.

[hausler89]

2024.4.2 on Firefox 126.0, MacOS 14.4.1, still having this issue.

[jamesWalker55]

Still occurring on Bitwarden version 2024.4.2, on Windows Firefox.

[ann4belle]

Version 2024.4.2 seems to have made this worse. Previously, it was only affecting my laptop (which I imagine had something to do with sleep mode), but now it's also affecting my desktop, which doesn't ever go to sleep - it only turns off the display. Would really like to see a fix for this ASAP, because right now there's zero point in setting "Vault Timeout" to "Never" or "Vault Timeout Action" to anything other than "Log Out".

Also, for whatever reason, this isn't a true logout, because I'm not asked to confirm 2FA when logging back in.

Both my laptop and desktop are on Windows 11 Pro, Firefox 125.0.3

[Atemu]

I haven't experienced this in a few days using 2024.4.2 with Firefox 125.0.3 on two Linux machines.

I should not have said that; the day after I got logged out again.

[baek-sang]

• Windows 11
• Firefox 127
• Bitwarden 2024.4.2

same

[pwseo]

@trmartin4 how are things going regarding this bug? It's been some time since Bitwarden's last comment on this matter.

[QuarkZ26]

Also happening on Firefox/Arch Linux

[jasperslot]

Also got this issue, very frustrating.

• Bitwarden 2024.4.2
• Firefox 125.0.3
• MacOS 14.4.1

[peterwroot]

Bitwarden support pointed me to this thread after I raised a support case for this issue.

System: 2022 MacBook Air Operating System: macOS Sonoma 14.4.1. Browser: Firefox 126.0 (64-bit) Bitwarden Extension Version: 2024.4.2.

I can't see any pattern in the way the logout ocurs, it is not triggered by reboots or closing & re-opening the browser, it occurs sometimes after a long period of sleep, and sometimes it has occured while I've been using the browser.

[mervynfoxe]

Still happening for me as well, even a week after the extension update and some system updates.

OS: macOS 14.5 Browser: Firefox 126.0 BW Extension: 2024.4.2

I'm also seeing the same lack of a pattern as @peterwroot; generally I'll be logged out when I open up the computer to work in the morning, but sometimes it will still be logged in from the previous day and I'll suddenly notice in the middle of the day that it's kicked me out.

[jelmervdm]

This is occurring for me as well. No issues on Chrome or mobile devices. Seems to happen after it falls asleep and wakes up, never happened to me while it's active. It's set to never time out.

OS: MacOS 14.4.1 Browser: Firefox 126.0 Bitwarden version: 2024.4.2 BitWarden server 2024.5

[peterwroot]

Updating my above comment based on @jelmervdm's comment - I have experienced this issue on both the vault.bitwarden.com and vault.bitwarden.eu instances.

[arborealoctopus]

Another behavior I've seen which seems related: has anyone else noticed the reverse problem occur, where the extension does not lock? Maybe I'm going insane but I could swear with a 30-minute timeout I've woken up the computer after a day at work and its still logged in. To be clear, most days its logged out, but maybe 2 or 3 times in the last month. Edit, could be this (I always log in using the sidebar because trying to do 2fa/login with device on the window that disappears and resets the login process if you click anywhere outside of the rectangle is a trash experience, and the sidebar avoids it -- TIL this is a security risk! lol) I've also experienced a Fun! new issue while typing this, which is logging in but it never syncs, so I'm logged in but bitwarden is still just an empty gray box🙄

[seetowsh]

Another issue I noticed is that sometimes even though the extension is blue (logged in) the saved passwords will never load until I fully log out and log back in.

It will just show the loading spinner going on infinitely.

On Tue, May 21, 2024, 11:29 AM arborealoctopus @.***> wrote:

another behavior I've seen which seems related: has anyone else noticed the reverse problem occur, where the extension does not lock? Maybe I'm going insane but I could swear with a 30-minute timeout I've woken up the computer after a day at work and its still logged in. To be clear, most days its logged out, but maybe 2 or 3 times in the last month.

— Reply to this email directly, view it on GitHub https://github.com/bitwarden/clients/issues/8873#issuecomment-2121592004, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGB5LLVYYU3TGLS2QFIPSQ3ZDKWQZAVCNFSM6AAAAABGUIQZE2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRRGU4TEMBQGQ . You are receiving this because you commented.Message ID: @.***>

[scottwallacesh]

Another issue I noticed is that sometimes even though the extension is blue (logged in) the saved passwords will never load until I fully log out and log back in. It will just show the loading spinner going on infinitely.

This happens to me too. To avoid the double-login, I go to Manage Extensions and toggle the extension to disable/enable and then I login and it works "first time".

[nmbgeek]

Another issue I noticed is that sometimes even though the extension is blue (logged in) the saved passwords will never load until I fully log out and log back in. It will just show the loading spinner going on infinitely.

Experiencing this now too.

[nek0d3r]

This has been happening for at least the past couple weeks now, and it happens multiple times a day. My vault timeout is set to never. Good luck getting this fixed!

[Sangeppato]

Seeing the same issue on Safari 17 (macOS 14). As a paying Bitwarden customer, I have to say that I am unfortunately starting to look for alternatives: between memory leaks and bugs like this which either go unfixed for months/years or are eventually reintroduced even after a first fix is shipped, I have to say that using Bitwarden lately as not been a very pleasant experience..

[jksdk4]

I'm having this issue in Firefox on both MacOS and Windows 10, maybe for the last 3 weeks.

I feel like I had this issue in Chrome on Windows as well recently, but I don't use Chrome very often so not certain.

It either greys out when I wake my computer and I just have to enter the master pass about half of the time, or I have to enter two-factor. Sometimes it will remain unlocked on wake but that's less often than not.

I also have had to unlock by re-entering my PIN on my (12th gen? bought new in 2021) iPad Pro each time I reach a form even though I have it set to never lock, that's been an issue for me for... probably a year now. But if I minimise whatever app and just don't completely quit Bitwarden's app then I usually don't have to enter the PIN that way, I just have to swap apps and search whatever site I need the pass for. So kind of inconvenient, but slightly less annoying than having to enter my PIN every time.

[pinchies]

It's both surprising and concerning to me that the root calls of this issue does not seem to have been identified yet, many weeks after the issue was clearly reproducible.

This issue is happening to me on a daily basis on my Mac using Firefox.

I am also a paying customer.

[baek-sang]

It's been a month, and this is the first hotfix bug that needs to be addressed. With self-host unified still in beta testing, I think it's time to find another alternative.

[skopjanecot]

Also, for whatever reason, this isn't a true logout, because I'm not asked to confirm 2FA when logging back in.

In my case on Firefox on macOS 14.5, I do get asked to confirm my 2FA with the FIDO key, which makes this bug even more annoying, having to this every time I leave the computer for more than 4h.

[rodalpho]

@baek-sang Same, I'm switching to 1password over this.

[mbwelch513]

@trmartin4 can you please provide an update on the progress of the fix? As a loyal (and paying) Bitwarden user running Firefox on all of my devices, this bug is causing A LOT of wasted time for me every day! We fully understand you all are working hard. I'm just asking for a quick update. Thank you!

[trmartin4]

Hello. I apologize for the delay and for the continued recurrence of this issue. We truly appreciate your patience as we diagnosed and resolved it.

We have identified the root cause of this issue and the fix will be included in the next release of the Firefox extension. I can't commit at this point to a date for that release, but the issue has been identified and will be included.

[bryanpedini]

It's both surprising and concerning to me that the root calls of this issue does not seem to have been identified yet, many weeks after the issue was clearly reproducible.

@trmartin4 said in a previous comment that the bw team probably identified the issue and was looking to a confirmation. here speicifically

We believe we have identified the root cause of this issue and plan to address it in the upcoming release of the Firefox extension.

Confirmation arrived yesterday/today (depending on the timezone) in Todd's last post

And also

I am also a paying customer.

I am too, 10€/year, to have access to the greatest password manager I know of, a top quality support team (I had a question not too long ago and received the first answer in 4 minutes, replied with various emails and very technical questions, received the final answer answer - along with a bash script example - from a real engineer and in less than 2 hours total of conversation) plus self hosting options (even for free), and bug fixes in 1 month and one day - 23rd of april to 24th of may...

in this timeframe LastPass would have probably barely managed to understand the issue and confirm to you that it's a them-problem and not a you-problem, which they assume by default in the first 3 to 5 messages of a ticket, each of which takes 1 to 3 business days to be addressed, let alone solve the issue.

I know because my company use the product, and I'm hopefully switching to bw this october instead of renewing lp's contract.

So please stop complaining of an issue that only occurred last month, to an open source project you support with merely 1$ per month, start considering your payment some sort of gratitude for the open source product instead of thinking you're a "paying customer", and start appreciating more the fact that bw is the fastest growing bestest pw mgr I know of while being free for the majority and dirt cheap for the few that wanna contribute... (yes ik the cost for businesses/enterprise is on par with competitors like lp, 1p, etc - but look how much more you get)

- end of rant -

please appreciate more the nature and philosophy of the product, you're not just a "paying customer" thanks... (I think on behalf of the entire open source community)

[rodalpho]

We have identified the root cause of this issue and the fix will be included in the next release of the Firefox extension. I can't commit at this point to a date for that release, but the issue has been identified and will be included.

It's been 3 weeks since you found the issue, please consider backporting the fix to the current extension and releasing a hotfix. This shouldn't wait for the next major release.

[bryanpedini]

This shouldn't wait for the next major release.

well, web v2024.4.2 was on may 2, while web v2024.5.0 was on may 14 and browser v2024.5.0 was 3 days ago... I think that bw development team is fast enough that "waiting for a major release" just means the production cycle timing for the build and the worldwide propagation of the extension through Mozilla's and Google's stores servers 😅

[rodalpho]

Sure, whatever their development processes are. Point is this fix should be prioritized. I was about to switch password managers yesterday before @tmartin4 responded. If this isn't out before June I will no longer be a BW customer.

[bryanpedini]

point is, it is being prioritized, go to 1p and ask them to fix a bug in less than 3 weeks, they'll laugh internally because they know and you know and everybody knows that in those 3 weeks their level 1 monkeys will struggle to even figure out the issue, let alone let the engineers know and even worse having a fix

[rodalpho]

Speaking as a paying consumer with no loyalty to any company, the fact is 1p doesn't have any bugs that annoy me on a daily basis. If one pops up after I switch and they're unresponsive or slow to fix it, I'll reevaluate.

[bryanpedini]

you'll be constantly re-evaluating your entire digital life, for the rest of your physical life on this planet... (sadly) commercial products, especially the bigger the worse, are notoriously fucked and slow to respond

anyway, to end this pointless conversation I'll say this much: I stick with bw because in the years I've been a "paying customer" (more like a FOSS supporter but I digress), this is the first annoyance issue I've encountered and the issue was found and the fix was in production in one month

on lastpass for example I sent them a ticket 2 months ago because for the 4th fucking time their stupid ass moron extension ignored the fact that I don't want their stupid autofill and annoying popup services and even tho I deactivated them in the extension settings however, their completely fucked stuff just ignored my preferences and did the fuck they wanted. and all in all they took from apr 12 to apr 30 just to confirm to me that what I was experiencing was an issue on their end (after MULTIPLE tries to uninstall/reinstall the extension, clear the cache, even trying on a new Chrome profile and asking me to send a video recording for proof of the issue), and then they released a fix on may 21. still, we pay them 5 times as much, like 4$ per user per month billed annually, and they still required more troubleshooting steps from my end, more time to identify the issue, and more time to fix it. and you want to switch TO them? or 1password, tomato tomato, same crap, probably a little bit better since unlike lp they haven't been breached 5 times in 6 months... but still...

anyway, you're free to do whatever, just don't frustrate foss projects' developers with your frustrations, keep 'em private...

[nek0d3r]

Ugh, I get so sick of consumers, paying or not, feeling entitled to respect without giving any. If they were dragging their feet (which they clearly aren't), no amount of snide remarks would convince anyone that you're worth listening to. @trmartin4 thanks for the effort and keeping us informed! This really is the best password manager AND support team I've ever experienced.