starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-25 17:25:57 +03:00
Code Issues 39 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #2295] Login session expired with account switching #1218

New issue
Closed
opened 2026-03-03 02:07:13 +03:00 by kerem · 4 comments
kerem commented 2026-03-03 02:07:13 +03:00
Owner
Copy link

Originally created by @cksapp on GitHub (Feb 11, 2022).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/2295

Low priority issue, noticed a slight issue with the newest release of the Bitwarden Desktop app 1.31.0

When trying to use the new Account Switching feature, you are able to login to one account with Vaultwarden as normal.
2022-02-10_19h45_57

After login to another account with the same VW server, the first initial account logged in will time out.
2022-02-10_19h47_57

Latest release of the desktop app reinstalled, and Vaultwarden server upgraded to latest 1.24.0

Originally created by @cksapp on GitHub (Feb 11, 2022). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/2295 # Low priority issue, noticed a slight issue with the newest release of the Bitwarden Desktop app [1.31.0](https://github.com/bitwarden/desktop/releases/tag/v1.31.0) When trying to use the new [Account Switching](https://bitwarden.com/help/account-switching/) feature, you are able to login to one account with Vaultwarden as normal. ![2022-02-10_19h45_57](https://user-images.githubusercontent.com/66083310/153521468-43808c4e-56b0-4dac-b8e4-af61c74509b4.png) After login to another account with the same VW server, the first initial account logged in will time out. ![2022-02-10_19h47_57](https://user-images.githubusercontent.com/66083310/153521470-00c0a337-cb92-44d5-a1ff-db09a7f46cc7.png) Latest release of the desktop app reinstalled, and Vaultwarden server upgraded to latest 1.24.0
kerem 2026-03-03 02:07:13 +03:00
kerem commented 2026-03-03 02:07:14 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Feb 11, 2022):

Confirmed. It looks like it is trying to access the token, [INFO] (login) POST /identity/connect/token, but not allowed.

<!-- gh-comment-id:1036257093 --> @BlackDex commented on GitHub (Feb 11, 2022): Confirmed. It looks like it is trying to access the token, `[INFO] (login) POST /identity/connect/token`, but not allowed.
kerem commented 2026-03-03 02:07:14 +03:00
Author
Owner
Copy link

@cksapp commented on GitHub (Feb 11, 2022):

Thanks for the info, pretty interesting to know.
I will note it seems this is even less of a priority issue as upstream had several major issues with this release and have rolled back to 1.30 as latest. Who's to say what changes may be made, my guess not much would be changed but best not to even worry about it until this is fully patched and a new public release is available.

<!-- gh-comment-id:1036424184 --> @cksapp commented on GitHub (Feb 11, 2022): Thanks for the info, pretty interesting to know. I will note it seems this is even _less_ of a priority issue as upstream had several major issues with this release and have rolled back to [1.30](https://github.com/bitwarden/desktop/releases/tag/v1.30.0) as latest. Who's to say what changes may be made, my guess not much would be changed but best not to even worry about it until this is fully patched and a new public release is available.
kerem commented 2026-03-03 02:07:14 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Feb 24, 2022):

I digged a little bit into this. And it looks like we currently only have a uniqueness on the device-id.
This in turn makes it that we overwrite this when a new user logs-in, which effectively deletes there refresh token.
To change this we need to change the whole code regarding the device table to match on both device-id and user-id on all fronts.

This will take some time and needs some good testing. But it is one the list now :).
Thanks for the report.

<!-- gh-comment-id:1050111593 --> @BlackDex commented on GitHub (Feb 24, 2022): I digged a little bit into this. And it looks like we currently only have a uniqueness on the device-id. This in turn makes it that we overwrite this when a new user logs-in, which effectively deletes there refresh token. To change this we need to change the whole code regarding the device table to match on both device-id and user-id on all fronts. This will take some time and needs some good testing. But it is one the list now :). Thanks for the report.
kerem commented 2026-03-03 02:07:14 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Mar 3, 2022):

Small update, i think i have a working patch. I just need some time to do some final checking :)

<!-- gh-comment-id:1057915118 --> @BlackDex commented on GitHub (Mar 3, 2022): Small update, i think i have a working patch. I just need some time to do some final checking :)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
revert-7033-patch-1
cached-config-operations
test_dylint
1.35.7
1.35.6
1.35.5
1.35.4
1.35.3
1.35.2
1.35.1
1.35.0
1.34.3
1.34.2
1.34.1
1.34.0
1.33.2
1.33.1
1.33.0
1.32.7
1.32.6
1.32.5
1.32.4
1.32.3
1.32.2
1.32.1
1.32.0
1.31.0
1.30.5
1.30.4
1.30.3
1.30.2
1.30.1
1.30.0
1.29.2
1.29.1
1.29.0
1.28.1
1.28.0
1.27.0
1.26.0
1.25.2
1.25.1
1.25.0
1.24.0
1.23.1
1.23.0
1.22.2
1.22.1
1.22.0
1.21.0
1.20.0
1.19.0
1.18.0
1.17.0
1.16.3
1.16.2
1.16.1
1.16.0
1.15.1
1.15.0
1.14.2
1.14.1
1.14
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.1
1.9.0
1.8.0
1.7.0
1.6.1
1.6.0
1.5.0
1.4.0
1.3.0
1.2.0
1.1.0
1.0.0
0.13.0
0.12.0
0.11.0
0.10.0
0.9.0
Labels
Clear labels   
SSO

   
Third party

   
better for forum

   
bug

   
bug

   
documentation

   
duplicate

   
enhancement

   
future Vault

   
future Vault

   
future Vault

   
good first issue

   
help wanted

   
low priority

   
notes

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
troubleshooting

   
wontfix
No labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
question
troubleshooting
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vaultwarden#1218
No description provided.