Firefox Bitwarden extensions constantly logging me out

[matteematt]

Steps To Reproduce

Until a week or so ago, when I use the browser every day bitwarden stays logged in for long periods of time.

Expected Result

bitwarden stays logged in for long periods of time.

Actual Result

Bitwarden is logging me out almost every day

Screenshots or Videos

No response

Additional Context

This has only started recently. Once logged in I set it to be unlocked with PIN without needing master pasword again. Usually when I go on my laptop each day it would stay logged in, but now it keeps logging me out. The desktop application and the application on my phone is not having this issue

Operating System

macOS

Operating System Version

14.4.1 (23E224)

Web Browser

Firefox

Browser Version

124.0.2 (64-bit)

Build Version

2024.4.1

Issue Tracking Info

• [X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

[bryanpedini]

I hate to pile on to this thread but I couldn't agree more re: the release notes comment by @ann4belle.

... perhaps starting with more detailed patch notes? "Bug fixes" doesn't really tell us which bugs were fixed (and, perhaps more importantly, which were not).

Couldn't have said in better terms what was reflected upon by @ann4belle and @scottwallacesh, and also @pwseo here:

On a different note: is there a way to help Bitwarden catch these bugs before they hit the extension stores? Like a beta-testing program.

@ home I live on the edge, I'm on Arch Linux with LibreWolf and BetterBird and (I'll let you bash me in the comments, I know, I know) a crap ton of AUR packages, I wouldn't mind beta-testing BW at home. But at work, where I need to get things done, doing customer support with some client on the phone line? I can't wait 3 minutes just to log in. Yes I can put the customer on hold, but how many times before s/he gets frustrated at me for something that isn't my fault? Doing ISP customer support we already get insults for breackages of lines that are not our fault constantly, wouldn't want my computer to be another cause of the same thing 😅

Point is @trmartin4, as a community of (admittedly mostly) nerds, we would like to have the ability of help you help us, some of us wouldn't do it, but just the possibility of doing so would mean a lot "in the public eye"... Plus, a response or two between your messages on the 23rd of May and the 7th of June would have been nice... not to say that you will do everything right now and all will be fixed as of "today", but just to let us "feel your presence" and have you "active" on the matter, basically, just say "we're working on it, sorry for the inconvenience" or something... or at least that's how I feel about it...

[kashyapgv]

+1 MacOS 14.5 Firefox 126.0.1 Bitwarden 2024.4.2 Vault time-out: on browser restart + time-out action: lock

[trmartin4]

Thank you all for your honest feedback. We truly value and respect the consideration of our community, and we will make efforts to be more responsive in the future. We were hesitant to commit to any particular release timeline in this case, as we wanted to avoid over-promising, but avoiding any communication at all left the community feeling like the issue wasn't being addressed - which is far from the truth.

Our release schedule in this case was disrupted by the efforts for the Manifest v3 overhaul of our extension, which resulted in a more limited release (2024.5.0) that prevented the fix for this from being released earlier. This was done in order to ensure we had focused support for such a large change. This should not be a normal practice moving forward; you should expect to see regular releases across all extensions in our supported ecosystem.

[justinnichols]

Thanks @trmartin4 , that is a reasonable response and I appreciate yours and everyone's efforts at Bitwarden. In the grand scheme, while this bug is annoying...it's just that -- annoying. It's not a completely app-breaking thing. I, like the others, get that many of us pay for this solution and with that comes certain expectations, but at the end of the day, this is indeed a minor annoyance and not anything detrimental.

Thanks for working on this and for the explanation.

[ann4belle]

In the grand scheme, while this bug is annoying...it's just that -- annoying. It's not a completely app-breaking thing.

I strongly disagree, @justinnichols. Bitwarden is, first and foremost, a password manager - I (and many others) use it so that we don't have to remember and constantly type in passwords to websites and apps. A bug that requires me to near-constantly re-enter my password stretches beyond mere annoyance and into "app-breaking" territory, since it significantly diminishes the usefulness of the app.

I have to login to a service that refuses to respect my "remember me" setting 1-2 times a day, roughly coinciding with the time that the extension logs me out. This renders the app next to useless to me, since I'm effectively forced to type in a password no matter what - either I type in the password to the service I'm trying to use, or I type in the Bitwarden password, hope it doesn't get stuck spinning, and have Bitwarden autofill the saved password.

I'm personally going to choose the second option for a number of reasons, but if I was a first-time user of the app, a bug like this might turn me off from password managers entirely - which is absolutely not what a company offering a paid password manager service should want.

[justinnichols]

You're quite free to disagree, @ann4belle . I'm used to people not agreeing with me -- because I use logic and reason more than I use emotion, or I try my best at it.

I work in software engineering and know what it takes to build/test/deploy/maintain software. I agree, this sucks, and shouldn't have taken this long to fix, but the annoyance of having to type one and only one password to get access to your vault vs. the annoyance of having to remember all passwords for all sites, seems quite lopsided. It's a bug, it's acknowledged as such, and it will be in a fix as soon as they can get it in.

Vote with your wallet. If this is that much of a problem for you, there are alternatives. I, for one, am content with Bitwarden and understand that what they provide with the browser extensions is a convenience, one we of course pay for, but a convenience nonetheless. You can just as easily browse to your vault using their website to get your passwords, and perhaps the "remember-me" function works there.

[arborealoctopus]

I'm used to people not agreeing with me -- because I use logic and reason more than I use emotion, or I try my best at it.

Wooooowwwwwwwwwwwwwwwww. Maybe we can all avoid trying to start fights in the comment thread.

[ann4belle]

@justinnichols Not sure what exactly made you decide to be so hostile, but keep it to yourself, thanks. Also, nice job trying to flex that you work in software engineering and "know what it takes" to build/test/deploy/maintain software - it's not like this is GitHub or anything.

[climba03003]

I see the release https://github.com/bitwarden/clients/releases/tag/browser-v2024.6.0 for fixing the issue, but not published to Firefox Extension. The latest version 2024.4.2 is one month ago.

I loaded the extension as temporary extension to see if it helps.

[pwseo]

The latest release also has a decent enough changelog / release notes! :D

[Arsoth]

very much looking forward for that fix. Hopefully it makes its way through the FF extension store approval process quickly.

[jeff3820]

Log out still occurring. Extension version 2024.4.2. Server version 2024.6.0

[rakewell]

on windows firefox yes, macos seems ok. Its becoming a real pain having to login every few hours.

[jeff3820]

@rakewell Nope. I'm running MacOS 14.5 and Firefox 127.0. I was logged out this AM so problem still exists...

[jeff3820]

Just checked the Bitwarden extension…the server version is now 2024.6.1…hopefully this helps…

[rakewell]

can't see that version on my end: https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=search

says Version 2024.4.2 Size 10.76 MB Last updated a month ago (May 6, 2024)

[trmartin4]

Hello,

As some have noted, the new server version has been released. We have submitted the corresponding client updates to the stores, but the Firefox extension has not yet been approved. The issue has been addressed with a change in the client and so we will need to wait for the new extension version before the issue is addressed.

Thank you again for your patience.

[arborealoctopus]

I see the release https://github.com/bitwarden/clients/releases/tag/browser-v2024.6.0 for fixing the issue, but not published to Firefox Extension. The latest version 2024.4.2 is one month ago.

I loaded the extension as temporary extension to see if it helps.

Just experienced the logout issue with 2024.6.0 on firefox dev edition. Fingers crossed it was a fluke or due to something else.

[Crocmagnon]

Just experienced the logout issue with 2024.6.0 on firefox dev edition.

2024.6.0 hasn't yet reached the store.

https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/

Did you install it through another channel?

[arborealoctopus]

you can manually install addons as distributed by bitwarden if you are using firefox dev edition (it lets you make signing checks not mandatory)

[pwseo]

you can manually install addons as distributed by bitwarden if you are using firefox dev edition (it lets you make signing checks not mandatory)

You can also load them temporarily in a non-dev Firefox install by going to the about:debugging page, selecting the "This Firefox" option on the left, and then clicking the "Load temporary add-on..." button on the right (then choose the dist-firefox-2024.6.0.zip file downloaded from the Github releases page). Of course, this persists only for the current session, so one has to repeat the procedure if Firefox is restarted. Still, it's adequate for the bug this issue refers to.

Currently on Firefox ESR 115, Extension version 2024.6.0. No sign-outs for the last 3 h (I'll check back tomorrow).

[arborealoctopus]

Happened again on a different machine. very very curious if anyone else risking the early update is still seeing it.

[Snuupy]

@arborealoctopus I'm on latest librewolf, upgraded from 2024.3.1 directly to 2024.6.0 and I haven't been logged out for over a day now so I think it works.

[pwseo]

Happened again on a different machine. very very curious if anyone else risking the early update is still seeing it.

Still nothing on this end. Installed the 2024.6.0 extension on Firefox ESR 115 (debian 12) yesterday, still logged in.

[rakewell]

I'm logged out on both dev an normal firefox

[pinchies]

Installed the 2024.6.0 extension on regular Firefox on Mac yesterday using the about:debugging feature and was signed out today. Very happy to help debug further if there is any way I can assist.

[pwseo]

@trmartin4 this issue is still not solved. Firefox ESR 115 on debian 12 bookworm, installed the 2024.6.0 extension from your dist-firefox-2024.6.0.zip file on Github releases yesterday, got logged out this morning.

[pwseo]

I would also just like to add that we're probably still 1-2 weeks away from 2024.6.0 hitting the Mozilla Add-ons store, and since that version still does not solve the issue, then even if Bitwarden solves the problem right now, we're still looking at a delay of at least one month (best-case scenario) before everybody can say this is over.

This is already the most commented bug on Bitwarden's public issue tracker, and the fact that nobody can apparently determine the root cause is worrisome -- can it have other consequences we're not aware of? Please, do make this a priority and hotfix it as soon as possible. Perhaps try enlisting the help from some of the people commenting here -- it seems you're still having trouble reproducing the bug itself, otherwise you wouldn't think it was solved a month ago.

[lusoman]

I'm now running 2024.4.0 on Firefox 127.0, Windows 10, and I've not seen the problem yet for over 24 hours.

On Sun, Jun 16, 2024 at 4:34 AM Pedro Cunha @.***> wrote:

I would also just like to add that we're probably still 1-2 weeks away from 2024.6.0 hitting the Mozilla Add-ons store, and since that version still does not solve the issue, then even if Bitwarden solves the problem right now, we're still looking at a delay of at least one month (best-case scenario) before everybody can say this is over.

This is already the most commented bug on Bitwarden's public issue tracker, and the fact that nobody can apparently determine the root cause is worrisome -- can it have other consequences we're not aware of? Please, do make this a priority and hotfix it as soon as possible. Perhaps try enlisting the help from some of the people commenting here -- it seems you're still having trouble reproducing the bug itself, otherwise you wouldn't think it was solved a month ago.

— Reply to this email directly, view it on GitHub https://github.com/bitwarden/clients/issues/8873#issuecomment-2171456823, or unsubscribe https://github.com/notifications/unsubscribe-auth/AF4LAL4C4BCWOGC256WA72DZHVZ4BAVCNFSM6AAAAABIS24AASVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNZRGQ2TMOBSGM . You are receiving this because you commented.Message ID: @.***>

[hugo9655]

Hi, just wanted to add that I am also experiencing this problem. It's only just started happening, it's impossible to tell when it'll occur too.

[trmartin4]

@pinchies @pwseo if you have installed the new version and are still experiencing logout, the best way to try to help us identify if this is the same issue or something different is to inspect the extension background overnight (or when you're experiencing the logout) and look for 401 responses to network requests. If you're leaving the extension overnight you'll also want to make sure to Persist Logs by clicking on the gear icon at the top right of the DevTools (see screenshot).

These 401 requests occurred due to the use of an expired access token, which we resolved in the 2024.6.0 version.

Thank you for side-loading the extension to test this out for us. We are also investigating internally.

[pinchies]

I have followed the guidance just now, and will update with logs if I experience another logout.

[pinchies]

Logout happened -- @trmartin4 please let me know how best to share logs securely with your team.

[matthewbloch]

I installed the 2024.6.0 release manually in my Firefox, on Windows, yesterday. On the plus side it lets me log in at all (previously was just a blank page & endless spinner). On the down side, I'm logged out this morning.

[trmartin4]

@pinchies please submit the logs to support@bitwarden.com. I will be on the lookout and we will jump on it to investigate right away. Thank you very much for your help.

[rumenavramov]

I installed the 2024.6.0 release manually in my Firefox, on Windows, yesterday. On the plus side it lets me log in at all (previously was just a blank page & endless spinner). On the down side, I'm logged out this morning.

I found a workaround for the "endless spinner" issue - disable the extension, then re-enable it. It comes back as locked and I can unlock and use it right away.

[ralob]

I, too, am having the reoccurring logout issue on 24.6.0.

@trmartin4 -- I passed along my log info to the BW email support address above. Please let me know if it was useful or if any changes would be helpful on my end for better data.

[JP95Git]

I have the same issue: Windows 11 23H2 Firefox 126.0

Plugin version: 2024.4.2 (Firefox says, that this is the latest version) Server version: 2023.9.1

Tresor-Timeout: Bei Browser-Neustart. (German version)

I usually just lock my pc, no standby or reboot or shutdown. Firefox is open, but BitWarden locks my account everyday.

[rodalpho]

Once this latest issue is resolved, please don't wait for the normal July release window to release it to your customers.

[alexyangjie]

I've also tried the latest 6.0 version and logout still happens. It is even worse than previous, as now it can't even remember my email address in the login field.

[trmartin4]

Thanks to the help from the community, we have identified a second issue that is causing the logouts, and we are planning an unscheduled release in the upcoming few days to address it. We believed that we had addressed the root cause in the release, but it is clear that there were multiple issues occurring and we didn't resolve them fully. We will not be waiting for the next scheduled monthly release to address this.

We are very sorry for the commitment of the fix in 2024.6.0 and not having all of the underlying causes diagnosed. We are working hard to ensure that the new version is submitted to stores as soon as we can.

[bwbug]

@trmartin4 This may or may not be related to the issue in current thread, but in the past week or so, I have been intermittently been experiencing unexpected logouts of the browser extension in Chrome (in 2024.6.0); sometimes (but not always), this seems to be caused by the "Vault Timeout" action being spontaneously altered from "Lock" to "Logout" (without user action). I hope that the planned hotfix also resolves the issue in Chrome.

[trmartin4]

@bwbug it is possible that the logouts in Chrome would be caused by this same issue. The root cause is a race condition, and Firefox appears to hit the error state significantly more often than other extensions. It doesn't preclude the same issue from occurring on other extensions as well.

However, the change of your vault timeout action doesn't correlate with anything else reported on this thread, so I would recommend opening another ticket for that.

[trmartin4]

We are completing testing of the fix for this issue. If anyone wishes to side-load this new build in order to verify that the behavior has been fixed, you can side-load it from here.

Please keep in mind that this is a side-loaded extension and will not automatically update in the future.

Thank you for all of your help.

[pinchies]

you can side-load it from here.

The test build zip file is a bit broken, I had to extract it, and then choose the "manifest.json" file when sideloading (via about:debugging) to get the addon to install on firefox. Testing now :)

[pinchies]

@trmartin4 This may or may not be related to the issue in current thread, but in the past week or so, I have been intermittently been experiencing unexpected logouts of the browser extension in Chrome (in 2024.6.0); sometimes (but not always), this seems to be caused by the "Vault Timeout" action being spontaneously altered from "Lock" to "Logout" (without user action). I hope that the planned hotfix also resolves the issue in Chrome.

I noticed this behaviour previously too. When the user is unexpectedly signed out, the Vault Timeout is reset to its default setting, which is always Logout. I assume this is the intended behaviour @trmartin4 ?

[MajorQuake18]

Is the updated version with the fix 2024.6.2? I just updated to this version from the Firefox Addons store

[vb-git]

Is the updated version with the fix 2024.6.2? I just updated to this version from the Firefox Addons store

It seems so. The initial fixed version was 2024.6.0 but this still seemed to have problems as reported by users testing it, so i guess the .2 is the "real" fixed version. I'm running it now for a couple of hours and so far so good, including locking of vault after timeout and unlocking with pin as i was used to.

You can go to Manage Extension, and check for updates to trigger the update asap.

[trmartin4]

Version 2024.6.2 does not include the final fix for this issue. We are still completing our internal testing, but we plan to submit another release to the store later this week as soon as it is verified.

[pinchies]

Version 2024.6.2 does not include the final fix for this issue. We are still completing our internal testing, but we plan to submit another release to the store later this week as soon as it is verified.

No sign outs in the last 24 hours with the final fix build!! 🥹