search

getumbrel / umbrel

A beautiful home server OS for self-hosting with an app store. Buy a pre-built Umbrel Home with umbrelOS, or install on a Raspberry Pi or any x86 system.
https://umbrel.com
Other
7.24k stars 523 forks source link

Still logged in after inactivity timeout on Lighting Node app? #1549

Open empewoow opened 1 year ago

empewoow commented 1 year ago

Not sure if this a feature or not, but I don't think so. After 2 days of inactivity (I even restarted my computer and browser), when I opened the Lightning Node app page (the tab was re-opened in my browser) on :2101, I was still logged in to the app and I could see balances and stuff. This is not desirable right? (I did not try to do transactions, maybe I'll try that later.)

In another tab, the main Umbrel login page was open, and it showed me a login page at /login. As a test, I logged in on Umbrel again, and logged out afterwards. When I went to the Lighting App page, refreshed (not sure btw) and it showed me a login page (like this url: :2000/?origin=host&app=lightning&path=%2F), as expected.

Why is inactivity not a reason for the system to log me out of the Lightning Node app? Is this a bug?

Umbrel Version 0.5.3 LND 0.15.4-beta

empewoow commented 1 year ago

P.S. I posted this question several times in the Umbrel Telegram chat, but no one responded. That's why I try it here.

empewoow commented 1 year ago

Update: After 8 hours of inactivity (sleep) my main Umbrel login page was logged out again as expected. I checked the Lightning Node app and it was still logged in. I tried sending sats from there, it works. I don't think this is desirable.

nevets963 commented 1 year ago

Due to legacy reasons, there are currently 2 authentication systems which can become out of sync like in the situation you've described. The dashboard will timeout sooner, compared to authentication for your applications.

If you explicitly logout in the dashboard, it will also terminate the session for all apps too.

The dashboard currently has JWT token based heavily embedded into it, so it's not a instant fix to move to our new auth. system, but we will get this working better ASAP.

sbadakhc commented 1 year ago

Is it possible to set the inactivity timeout? If so can it be something that can be configured via the gui?

empewoow commented 1 year ago

That would be a good idea :)!

mayankchhabra commented 1 year ago

Hey folks, in a future Umbrel release (~1 to 2 months) we'll switch to a single authentication system (unlike 2 systems as @nevets963 pointed out above). When that happens, both Umbrel's and apps' authentication will always be synced.