I’ve started a self-hosted Rocket.Chat server (4.3.2). Migrated to WiredTiger. MongoDB 5.0.
I use my admin account on the web and mobile. I noticed this is routinely happening. After having the mobile app in the background for some time (maybe a few mins), I reopen it, but nothing gets updated. If I enter a channel, I see the spinner spinning. If I swipe-to-refresh in the channels list, I see “updating…” which doesn’t finish. DMs are also not updating. Then after maybe 10 seconds (but not all the time, sometimes it stays stuck in that state), I get a message on the mobile app “server logged you out”, and I’m thrown right into the authentication screen to enter my username and password. After signing in, everything immediately updates.
On the web app, I’m also forcefully signed out after X amount of time, don’t know, but I had been asked to sign in 3 times on the web app this hour and I didn’t click the sign out button for sure.
Also opened a git issue here: Mobile stops updating data & then user is signed out after X amount of time? · Issue #3655 · RocketChat/Rocket.Chat.ReactNative · GitHub
Server Setup Information
- Version of Rocket.Chat Server: 4.3.2
- Operating System: ubuntu 16.04
- Deployment Method: docker
- Number of Running Instances:
- DB Replicaset Oplog:
- NodeJS Version:
- MongoDB Version: 5.0
- Proxy: nginx
- Firewalls involved:
Do you have any integration, or any other client consuming the APIs with the same user and password you use for this user?
If this was a common problem, we would certainly be hearing about it all around.
Sounds like a specific error only on your instance.
Yeah, I fixed this, I had a bot running every 30 seconds, signing in to my account, and adding all users to all public channels.
I moved that bot to a separate account and it appears to be ok. Thank you
What you can do to avoid this is to create a personal access token:
go to your avatar > My Account > Personal Access Token
and make sure to mark the “Ignore Two Factor Authentication” option.
Otherwise, each new token you get from your user and password will invalidate the previous one, causing the behavior you experienced.
Glad everything worked out
If you have any other doubts, don’t hesitate to contact us.
Also, I would like to invite you to our next Community Open Call:
I’ve seen you reply with this answer to a number of threads and I wonder if it applies to my situation.
I think the best course of action for you is to move this logic to the server.
If you have a user you already trust (he is already logged into your app), you can then create the user with our APIs with any random password, previously.
Then, when the user clicks the “chat” button in your webapp, your backend will call this API:
which will generate a token…
then you redirect the user to:
This is not the optimal auth method. OAuth fits well here, but it will require you to support it in your app. This resumetoken method will make it hard to log in using the mobile or desktop app.
You could probably leverage deep links, passing the token to try to allow mobile and desktop usage.
Bear in mind that your tokens, server info and whatnot will do a quick pass by our servers if leveraging deep links.
This isn’t normal behaviour, jfyi.
This isn’t true.
But we can’t really help you in this specific case except for what Duda ^ and I just commented here, without looking at the script/code you’re using to authenticate.