How often are you auto- logged out?

[ctag]

Hi,

Since somewhere between FreeNAS 11 and TrueNAS 12 I've noticed that I have to constantly keep logging back in to the web UI. Right now it seems to log me out after only 5 minutes of inactivity, which makes referencing the user guide or looking for an answer on the forums a more frustrating task.

I've also noticed that preventing the page from reloading by staying on a single pane (e.g. Jails) will continue to work for a longer period of time past when the log-out-upon-refresh occurs. It feels very inconsistent, which is why I assume it is a bug and not just a developer's decision to log out often for security's sake or something.

The only Jira ticket I could find about this appears to be closed due to lack of interest, which makes me wonder if this is an issue that affects only some systems.

Are you logged out after weeks, days, several hours? Five minutes? I would appreciate it if you would share your experience here!

To help with searchability, the error message I get now is: "Token expired, please log back in." although it used to complain about "auth token" or something instead.

 

[phebert]

I have also noticed browsers no longer offer to save credentials for it. Irritating as I have to open keepass every time, because I use big secure passwords.

 

[Dragonhead]

I only check it once a day so I don't know how short my token lasts, but I have to log in every time. It is indeed an annoyance.

 

[winnielinnie]

I have also noticed browsers no longer offer to save credentials for it. Irritating as I have to open keepass every time, because I use big secure passwords.

On the latest Chrome and Firefox, it prompts me to save the password. This is on TrueNAS Core 12.0-U4.1.

 

[majorgear]

This is still an issue. I’m doing a NAS migration using the dashboard to monitor network and storage utilization to make sure it’s going well.

Every few minutes, I have to refresh the dashboard and log in to get an updated status. It’s really irritating!

 

[Ppriorfl]

"me too". I would say it lasts maybe 15 minutes at most. Always logging to my password manager because chrome doesn't prompt to save PW (truenas scale latest version).

 

[odoyle]

Yup, happens to me, and if you have 2FA enabled it is even more annoying to login. I would guess it lasts 15 mins? There must be a way to change the expiration time?

 

[odoyle]

I'm trying out some advice from here: https://github.com/truenas/webui/pull/705#issuecomment-955651542
Did a sed replace for 3 hrs, fingers crossed! On SCALE, I found two files here: /usr/share/truenas/webui

Code:

sed -i 's/auth.generate_token",\[300/auth.generate_token",\[10800/g' 89-es2015.24d725aaaf469f591bee.js
sed -i 's/auth.generate_token",\[300/auth.generate_token",\[10800/g' 89-es5.24d725aaaf469f591bee.js

 

[ctag]

I was just about to post here that this bug persists in Truenas Scale..

Hoping odyole's worksaround is successful!

 

[lietu]

So I ran into this issue when trying out TrueNAS Scale as well, and I've seen another set of commands to patch specific .js files before. These JS files' hashes however change regularly so these suggestions rarely work very long, which is why I wrote a small script to find the relevant files and patch them with a timeout you'd like.

If anyone else lands here looking for a solution for the same problem, maybe give it a try https://github.com/lietu/truenas-tools/blob/main/truenas-scale-logout-timeout-patch.sh

 

[Slovak]

I'm on TrueNAS-12.0-U8.1 but I don't have /usr/share/truenas/webui

I only have

Code:

/var/db/system/webui
/usr/local/www/webui

The /var/db/system/webui is an empty directory.
The /usr/local/www/webui has assets.

Is that expected / should I attempt to edit files in /usr/local/www/webui?

 

[lietu]

Since I'm on TrueNAS SCALE 22.02.3, having "TrueNAS 12.0-U8.1" sounds pretty old and might have a completely different setup for how it is working. You can try the greps from my script on your directory structure and see what it finds.

 

[sfatula]

So, to use your script... Is the idea to run it at startup maybe so on first login, it will take longer to get logged out? Or, do you have to manually run it after logging in?

 

[lietu]

So, to use your script... Is the idea to run it at startup maybe so on first login, it will take longer to get logged out? Or, do you have to manually run it after logging in?

The idea is to run it once, it modifies the code responsible for creating the authentication tokens, so tokens issued after that will last as long as you configured. You will likely need to run it again if you update the system.

 

[ctag]

Just writing back here that @odoyle's workaround has bee a complete lifesaver these past few months! It works well.

 

[odoyle]

So I ran into this issue when trying out TrueNAS Scale as well, and I've seen another set of commands to patch specific .js files before. These JS files' hashes however change regularly so these suggestions rarely work very long, which is why I wrote a small script to find the relevant files and patch them with a timeout you'd like.

If anyone else lands here looking for a solution for the same problem, maybe give it a try https://github.com/lietu/truenas-tools/blob/main/truenas-scale-logout-timeout-patch.sh

Very cool! I wonder if a small edit to the sed code would work as well, not being specific about the hash part of the filename.. I updated to angelfish 22.02.4 so I came back here to redo this since the update overwrites the fix. Still can't believe it is 5 minutes by default and there is no way to change it easily!

Code:

sed -i 's/auth.generate_token",\[300/auth.generate_token",\[10800/g' 89-es2015.*.js
sed -i 's/auth.generate_token",\[300/auth.generate_token",\[10800/g' 89-es5.*.js

 

[ctag]

I upgraded to Bluefin TrueNAS-SCALE-22.12.0 and it no longer has the "89-*" javascript files. Back to the 5-minute timeouts.

 

[odoyle]

Bummer! Did you try the script from @lietu? Seems more robust and could work

 

[ctag]

Bummer! Did you try the script from @lietu? Seems more robust and could work

I totally missed that, thanks!

@lietu's script appears to work well on Bluefin! Thanks @lietu!

 

[JesseJ80]

Thanks @lietu this has been driving me crazy!!!