[FIXED] Mobile stops updating data & then user is signed out after X amount of time? Web app too?


I’ve started a self hosted rocketchat server (4.3.2). Migrated to wiredtiger. Mongodb 5.0

I use my admin account on the web and mobile. I noticed this is routinely happening. After having the mobile app in the background for some time (maybe a few mins), I reopen it, but nothing gets updated. If I enter a channel, I see the spinner spinning. If I swipe-to-refresh in the channels list, I see “updating…” which doesn’t finish. DMs are also not updating. Then after maybe 10 seconds (but not all the time, sometimes it keeps stuck in that state), I get a message on the mobile app “server logged you out”, and I’m thrown right into the authentication screen to enter my username and password. After signing in, everything immediately updates.

On web app, I’m also forcefully signed out after X amount of time, don’t know, but I had been asked to sign in 3 times on the web app this hour and I didn’t click sign out button for sure.

also opened git issue here: Mobile stops updating data & then user is signed out after X amount of time? · Issue #3655 · RocketChat/Rocket.Chat.ReactNative · GitHub

Server Setup Information

  • Version of Rocket.Chat Server: 4.3.2
  • Operating System: ubuntu 16.04
  • Deployment Method: docker
  • Number of Running Instances:
  • DB Replicaset Oplog:
  • NodeJS Version:
  • MongoDB Version: 5.0
  • Proxy: nginx
  • Firewalls involved:

Do you have any integration, or any other client consuming the APIs with the same user and password you use for this user?

If this was a common problem, we certainly were hearing about it all around.

Sounds like a specific error only at you instance.

1 Like

Yeah, I fixed this, I had a bot running every 30 seconds, signing in to my account, and adding all users to all public channels.

I moved that bot to a separate account and it appears to be ok. Thank you

1 Like

What you can do to avoid this is to create a personal access token

go to your avatar > my account > personal access token
and make sure to mark the ignore Two Factor Authentication

Otherwise, for each new token you get from your user and password, will invalidate the previous one, rendering the behavior you experienced.

Glad everything worked out :slight_smile:

If you have any other doubts, don’t hesitante to contact us.

Also, I would like to invite you to our next Community Open Call:

1 Like

I’ve seen you reply with this answer to a number of threads and I wonder if it applies to my situation.
We have Javascript running in a browser that tries to log into Rocketchat using the API with a username and password stored on our server. This works the first day but then it stops. Does that mean you can only login once using the REST API and after that you can only use the personal access token for that user? The documentation seems to suggest you can always do a regular login using username and password.

1 Like


I think the best course of action for you is to move this logic to the server.

If you have a user you already trust (he is already logged into your App), you can then create the user with our APIS with any random password, previously.

Then, when the user clicks the “chat” button in your webapp, your backend will call this API:

which will generate a token…

then you redirect the user to:


This is not the optimal auth method. OAuth fits greatly here, but it will require you supporting it in your App. This resumetoken method will make it hard to login using mobile or desktop app.

You could probably leverage deep links, passing the token to try to allow mobile an desktop usage.

Bear in mind that your tokens, servers info and what not will do a quick pass by our servers, if leveraging deeplinks

Unfortunately a lot of those steps don’t work for us. We’re in a situation where we have to create accounts and channels for users in the back-end but then have the front-end embed rocketchat, jump to a specific pre-created room and have them join a conversation. I can only do the jump-to-channel if our javascript running in the browser has been authenticate.

This isn’t normal behaviour, jfyi.

This isn’t true.

But we can’t really help you in this specific case except for what Duda ^ and I just commented here, without looking at the script/code you’re using to authenticate.