Desktop app (and web app) aggressively logs out

I’ve been enjoying using Vikunja cloud and supporting the project, but this has crossed from something to live with to being absurd. And just to be clear, I am checking “Remember Me” every time.

I would make the complaint against Vikunja as a whole; the only other online services I use that are as aggresive with logouts are banking, healthcare services, and my Microsoft/Github access for work. I am not using Vikunja for work, however, I’m using it personally, and while I am forced to put up with the services for work, I really don’t feel like I should force myself to put up with them for…a todo app.

BUT, with all that said, I understand that Vikunja is also aimed at being a workplace tool, so the aggressiveness could be argued as necessary.

What is indefensible is just how often I have to log back into the desktop Vikunja app. Literally no other desktop apps I use ever require me to log back in; I might be forced to log back in for Microsoft’s desktop once a month. Vikunja is at least once a week, usually more.

Before starting this thread, I wanted to check and see if I’m not just overreacting - that my brain isn’t cherrypicking moments and the frustration feeling, and I’m not. I logged in at 11:07AM on both desktop and web and by 2PM, I was already required to re-login to the web. By 6PM the following day, I was required to relogin to the desktop app - even to the point that it said “No API url was configured”. This pattern repeated - maybe not every day, but essentially every other day.

I saw in another thread that:

In the web, login sessions are only valid for 72h by default

So this is by design then? “By default” makes it sound like it’s a setting that can be changed but, having checked my account settings, it must be referring to a server setting.

This just feels entirely too aggressive for a todo app - especially if it’s meant to be used by individuals. Teams might want a higher level of security; to make it the only option is entirely too aggressive.

I have really stopped using Vikunja because I’m so sick of having to login. It wasn’t even a conscious decision, I just found myself not having opened it in days, then weeks. I am used to opening my todo app multiple times per day. I hate the idea of having to find yet another todo app, especially when Vikunja is fulfilling that need, but the fact that I’ve simply stopped using it without even intending to speaks as to how much it’s not helping me organize my life.

Huh what you’re describing is definitely not normal or intended.

It is true that the login session is valid for 72h by default, but it is extended by another 72h if there are less than 60h remaining of the initial 72h. This means that as along as you use Vikunja every 12h+, you should not have to log in again and again.

If you check the “remember me” checkbox, the session is valid for 30 days.

Both of these durations are configurable on the server.

One caveat: If you have not set up an JWT secret, all sessions are invalidated when you restart Vikunja. Can you verify if that’s the case in your installation?

Do you observe this only with the desktop app or in the web as well?
If you’re logged out, does that affect all devices?
Which Vikunja version are you using?

Thanks for the response.

As I said, I am using Vikunja Cloud, so AFAIK I have no ability to view server settings (which I’m fine with). I believe that should tell you what version of Vikunja that I’m using, but as for the desktop app, I am using 0.24.3, which I installed as a Flatpak. I just tried running the flatpak install command to ensure I was up to date, and it says I am.

Do you have your browser set to “forget” all browsing data when you close it? That would log you out as w.

As for the desktop app, do you see the same behaviour with any of the non-flatpack unstable builds from here? Vikunja Download | unstable

Hey, sorry for the lack of response. I also realize I missed several questions you asked.

Do you observe this only with the desktop app or in the web as well?

Web as well, which I mostly use on mobile. If anything, the web logs me out more often than the desktop app, but I don’t have hard data to back that up.

If you’re logged out, does that affect all devices?

Not that I’ve noticed. Like I just had to log into the desktop app and web on my desktop, but the browser on my phone is still logged in.

Do you have your browser set to “forget” all browsing data when you close it?

No, I do not; in fact, I actually have it restore the tabs from the previous session.

do you see the same behaviour with any of the non-flatpack unstable builds from here?

Unfortunately, I am not able to use any of those options, as my distro of choice is very niche…it does not have glibc, so a Flatpak is my only option. I have been having issues with xdg-desktop-portal granting network access to Flatpak apps when using Plasma, but I would not think that a lack of network access would somehow reset or invalidate my session.

Is it possible that my use of a VPN contributes to this issue?

Do you have any privacy extensions enabled in the browser which might clear local storage after a while?

Does it happen reproducibly if you close the desktop app or restart your computer?

Does it log you out only when you close and reopen or also while you’re using it?

The vpn should not contribute directly to the issue, but it might cause something here. Maybe worth a try? (if possible)