search

wavebox / waveboxapp

Wavebox, the revolutionary and feature-rich Chromium browser that's built for productive working across Google Workspaces, Microsoft Teams, ClickUp, Monday, Atlassian, Asana, AirTable, Slack, and every other web app you use to get work done.
https://wavebox.io
1.3k stars 135 forks source link

Google accounts session expiration too short? #919

Open rfgamaral opened 5 years ago

rfgamaral commented 5 years ago

Is your feature request related to a problem? Please describe. My Google accounts sessions expire too quick, every week or so I'm forced to enter my Google account password. On my main browser, which I use every day, Google accounts sessions don't expire as quickly.

Is your feature request related to an account type? Google (Gmail, Calendar, etc...)

Describe the solution you'd like If possible, allow to pick an expiration timeout for Google accounts sessions.

Additional info I'm not sure if this is some sort of limitation, a bug, or by design, but I've opened this as a feature request. Hope that's ok.

Thomas101 commented 5 years ago

Hey, we don't set a specific expiration time for sessions - it's all set by Google. As a rule of thumb, the API auth tokens shouldn't really expire, and the signed in sessions should expire monthly-ish.

Let's see where the issue is though, we can see if there's anything we can do...

  1. Is it that Wavebox brings up the "There's an authentication problem with this service" with the big fingerprint, or that you're presented with the Google "Enter your password" type login screen?
  2. Is it a personal Gmail (@gmail.com) or corporate (@mycompany.com)?
  3. Have you got more than one Gmail account in Wavebox, is one or all of them affected?
rfgamaral commented 5 years ago

That's what I thought but I only have this problem within Wavebox (not on my main browser), that's why I opened up this issue.

  1. I'm presented with the Google "Enter your password" type login screen.
  2. Both, see below.
  3. I have 3 accounts, 2 G Suite, 1 Personal. It happens with all of them.

The way I have this configured is one Google account with Gmail, Calendar, Contacts, Keep, etc... and 2 other Gmail services sandboxed on the same account.

Thomas101 commented 5 years ago

It should be keeping you signed in longer than that then. Maybe try clearing cookies and browsing data might help, give this a try with one account...

Do you use 2-factor auth on any of the accounts? If you do, just make sure you're checking "Don't ask again on this computer" when signing in

Thomas101 commented 5 years ago

Hi, I’m going to close this due to inactivity. If you’re still seeing the issue, feel free to re-comment and I’ll take another look. Thanks

cellog commented 4 years ago

Hi, I have seen this behavior as well. The "Must reauthenticate" page followed by a page for each additional login step is far more onerous than the "enter your password" screen that pops up once per month when used in the browser. No, the steps above do not fix the problem.

Wavebox completely forgets the authentication. It happens for me any time I log into google in the browser on any other machine, or when I have not logged in for more than 24 hours.

This is honestly super annoying, I have been dealing with it for over a year as a paid customer, but it would be great not to have to do it again. thanks.

rfgamaral commented 4 years ago

Ok, since someone else is posting the same issue I'm going to share something I've been taking note for a while... I have 3 Google accounts on my Wavebox on my home PC and I've been logging when each one of their sessions expire:

main-domain-account [at] ricardoamaral.net

some-other-domain-account [at] ricardoamaral.net

personal-gmail-account [at] gmail.com

For privacy reasons and bots, I've omitted the real e-mail address, only the domain part is real.

Based on the logging, one can find at least on pattern... Domain based accounts (@ricardoamaral.net, G Suite) expire much more often than non-domain based accounts (@gmail.com, Google). The @gmail.com account hasn't expired since the last time on August 16, maybe it will expire tomorrow (30 days, every month).

@cellog Are you by any change also using a G Suite account with Wavebox?

cellog commented 4 years ago

yes, 3 of 4 accounts are G Suite accounts

rfgamaral commented 4 years ago

yes, 3 of 4 accounts are G Suite accounts

Interesting. However, I don't observe the same expiration behavior on the browser with the same G Suite accounts.

Thomas101 commented 4 years ago

From what we've been seeing here the expiration is pretty consistent every 14 days on Gsuite accounts and pretty much never on personal Gmail accounts. We tried this across a set of browsers too (Chrome, Firefox, Safari, Brave, etc...) and saw the same timeout on these.

On Gsuite the expiration time can be modified from the Admin console if you're the domain administrator (https://support.google.com/a/answer/7576830?hl=en). We've also pushed an over-the-wire fix that means that when you do get signed out, the app should remember the account you're signed in with so at least you can get signed in quicker.

There's also improved password manager support and native U2F key support coming down the line in the next major release, so it should make signing back in a bunch easier when it does happen.

@rfgamaral in our testing we've seen exactly the same behaviour in the browser. Which browser were you using & do you have any extensions installed? I'll have a try here to see if I can get it to stay signed in

rfgamaral commented 4 years ago

On Gsuite the expiration time can be modified from the Admin console if you're the domain administrator (https://support.google.com/a/answer/7576830?hl=en). We've also pushed an over-the-wire fix that means that when you do get signed out, the app should remember the account you're signed in with so at least you can get signed in quicker.

image

This is what I have on mine... I don't have Web Session like it mentions in the Google documentation.

There's also improved password manager support and native U2F key support coming down the line in the next major release, so it should make signing back in a bunch easier when it does happen.

Is integration with all sorts of password managers coming? I use personally use Enpass.

@rfgamaral in our testing we've seen exactly the same behaviour in the browser. Which browser were you using & do you have any extensions installed? I'll have a try here to see if I can get it to stay signed in

I use Firefox and maybe I am logged out every 14 days but I probably don't notice as much because I have my Google passwords in Firefox Lockwise I quickly log back in (and usually I'm never asked for 2FA, only the password).

Thomas101 commented 4 years ago

I don't have Web Session like it mentions in the Google documentation

The Google Cloud session control only applies to the Admin console. Google used to offer a free version of Gsuite, I don't think they allow you to customise the session length on these. We've got a couple of domains using this and the option just isn't there :(

Is integration with all sorts of password managers coming? I use personally use Enpass.

Yes. Haven't personally checked Enpass, but I'll add it to the list to give a try

I use Firefox and maybe I am logged out every 14 days but I probably don't notice as much because I have my Google passwords in Firefox Lockwise I quickly log back in (and usually I'm never asked for 2FA, only the password).

Something similar is in the next major release, so it should be more of a case of clicking next :)