Being logged out at random durations [Firefox behaviour]

Supporter
Joined
Jan 26, 2018
Messages
851
If so, no worries: Is it normal to be asked to log back in every day or two, sometimes a week or two, at random intervals despite not having logged out or cleared cookies or whatnot? (Most recently within the last 15-ish minutes, it's not just at night or any suchlike.)
 
Supporter
Joined
Jan 26, 2018
Messages
851
I have the same extensions for both browsers, so the only real difference is Chrome vs Firefox. I have everything set to keep me logged in, but for example, when I was working in another tab and then just came back to Mangadex just now, it treated me as not being logged in, but a simple refresh of the page made it realize that I was actually logged in.
Huh. I'll have to give that a try next time it happens.
 
Contributor
Joined
Apr 28, 2020
Messages
134
I have the same extensions for both browsers, so the only real difference is Chrome vs Firefox. I have everything set to keep me logged in, but for example, when I was working in another tab and then just came back to Mangadex just now, it treated me as not being logged in, but a simple refresh of the page made it realize that I was actually logged in.

I was getting a weird recaptcha error occasionally for about a week, so I assume it is something with that and generic Firefox. I simply don't have the problem in Chrome.
I use Firefox too but don't have any issues, except if I leave the mangadex tab open while the PC is asleep, because the access token doesn't refresh while the PC is asleep, but that is easily solved by just reloading the page which forces a refresh.

Note: in the browser console, if you have debug\verbose logging enabled, every 15 minutes you'll see "Session token expiring... attempting silent refresh", you can try and check if it's followed by an error or something if you know how.
 
Supporter
Joined
Jan 26, 2018
Messages
851
I use Firefox too but don't have any issues, except if I leave the mangadex tab open while the PC is asleep, because the access token doesn't refresh while the PC is asleep, but that is easily solved by just reloading the page which forces a refresh.

Note: in the browser console, if you have debug\verbose logging enabled, every 15 minutes you'll see "Session token expiring... attempting silent refresh", you can try and check if it's followed by an error or something if you know how.
Any idea what the purpose of this is? :unsure:
 
Contributor
Joined
Apr 28, 2020
Messages
134
Any idea what the purpose of this is? :unsure:
It's the authentication method MangaDex uses for security and possibly for performance reasons.

MangaDex uses OAuth 2 with short-lived access tokens (15 minutes) and long-lived refresh tokens (90 days). Access tokens are sent to every request to the API that needs auth, while refresh tokens are only sent to the Keycloak authentication server.

https://api.mangadex.org/docs/02-authentication (MangaDex's official web frontend uses a Public client, which are currently unavailable to register for the general public)
 
Contributor
Joined
Apr 27, 2020
Messages
712
This sounds like your session token for auth.mangadex.org is still valid, but the association with mangadex.org is being broken by your browser somehow.
It's been even longer now since the last time the recaptcha error happened, so whatever was causing that seems to be fixed.

I think it's what Roler mentioned. I'll have to see what the error says when the silent refresh fails.

I use Firefox too but don't have any issues, except if I leave the mangadex tab open while the PC is asleep, because the access token doesn't refresh while the PC is asleep, but that is easily solved by just reloading the page which forces a refresh.

Note: in the browser console, if you have debug\verbose logging enabled, every 15 minutes you'll see "Session token expiring... attempting silent refresh", you can try and check if it's followed by an error or something if you know how.
Hm. I noticed the Session token expired message, and the silent refresh. It successfully refreshed when I went back to the tab.

The next time I get the logout, I will see what the console says.
 
Supporter
Joined
Jan 26, 2018
Messages
851
It's the authentication method MangaDex uses for security and possibly for performance reasons.

MangaDex uses OAuth 2 with short-lived access tokens (15 minutes) and long-lived refresh tokens (90 days). Access tokens are sent to every request to the API that needs auth, while refresh tokens are only sent to the Keycloak authentication server.

https://api.mangadex.org/docs/02-authentication (MangaDex's official web frontend uses a Public client, which are currently unavailable to register for the general public)
Thank you, I just got the chance to test it and reloading did the trick.

It's been even longer now since the last time the recaptcha error happened, so whatever was causing that seems to be fixed.

I think it's what Roler mentioned. I'll have to see what the error says when the silent refresh fails.


Hm. I noticed the Session token expired message, and the silent refresh. It successfully refreshed when I went back to the tab.

The next time I get the logout, I will see what the console says.
Keeping my fingers crossed that reloading will work for you too upon getting the logout, if it hasn't already. (Not sure.)
 
Contributor
Joined
Apr 27, 2020
Messages
712
I use Firefox too but don't have any issues, except if I leave the mangadex tab open while the PC is asleep, because the access token doesn't refresh while the PC is asleep, but that is easily solved by just reloading the page which forces a refresh.

Note: in the browser console, if you have debug\verbose logging enabled, every 15 minutes you'll see "Session token expiring... attempting silent refresh", you can try and check if it's followed by an error or something if you know how.
I finally got the error again. A refresh cleared it, but here is the error from the console:

This site appears to use a scroll-linked positioning effect. This may not work well with asynchronous panning; see https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html for further details and to join the discussion on related tools and features!
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://auth.mangadex.org/realms/mangadex/protocol/openid-connect/token. (Reason: CORS request did not succeed). Status code: (null).
 
Contributor
Joined
Apr 28, 2020
Messages
134
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://auth.mangadex.org/realms/mangadex/protocol/openid-connect/token. (Reason: CORS request did not succeed). Status code: (null).
MDN

The HTTP request which makes use of CORS failed because the HTTP connection failed at either the network or protocol level. The error is not directly related to CORS, but is a fundamental network error of some kind.

In many cases, it is caused by a browser plugin (e.g. an ad blocker or privacy protector) blocking the request.
Since you mentioned it happens only in Firefox, most likely a client-side block. Could be any extension (doesn't necessarily need to be an intentional block, could be an extension bug too) or messing with a browser setting (like "Enhanced Tracking Protection").
 
Group Leader
Joined
Sep 17, 2018
Messages
676
I was reading a chapter on my laptop, but while still having it opened I had to leave to do something else.
Closing the laptop lid suspends the laptop activities and this includes disconnecting it from the network.
When the lid is opened again, even though it connects again the MangaDex session gets killed and I'm logged out.
This has happened other times, but I've noticed the sequence of events only now.
If I leave the site before closing the lid nothing happens, that is, the next time I visit this place I'm still logged in.

mod note - merged into existing thread
 
Last edited by a moderator:
Head Contributor Wrangler
Staff
Super Moderator
Joined
Jan 18, 2018
Messages
1,968
Check auth.mangadex.org next time to see if your login session is still active there. If it is, something might be breaking the link between subdomains and logging you out on the frontend/forums.

mod note - merged into existing thread
 
Last edited:
Group Leader
Joined
Sep 17, 2018
Messages
676
I experience that too. Do you use Firefox?
There's an explanation in this thread. I'm not tech savvy so I've accepted to live with it.
No, I'm not using Firefox and the logout happens only when the connection goes down for an extended period of time. I had times when I was offline for a short period and I was still logged in.

Check auth.mangadex.org next time to see if your login session is still active there. If it is, something might be breaking the link between subdomains and logging you out on the frontend/forums.
Alright. I can't seem to find the right amount of time before the logout happens. I tried waiting 10 minutes but I'm still logged in.
When it happened earlier I had it sleeping for something like 30 minutes, so I'll have to check next time. Maybe these numbers carry information useful to you, I don't know.
 
Group Leader
Joined
Sep 17, 2018
Messages
676
I managed to trigger this behaviour again and here's what I observed:
Every 15 minutes or so the browser sends a "ping" to the auth domain to ensure the session is still alive; if the browser fails to deliver the ping then the session is considered closed and the user logged out, a successful delivery triggers the remember me mechanism and anything else involved and keeps the user logged in.
When the PC is brought out of its suspended state the browser sends this ping immediately, but due to the internet connection not being completely available the ping request is kept suspended until it times out (I don't know how many seconds that timeout is). Since the request is aborted, the session is not restored until the page is refreshed.
The question is: is it a security issue if the ping is sent one more time if the timeout expires? I understand that session tokens and periodic refreshes are placed to avoid attacks based on stale sessions (like it happened in 2019 or so), but it would seem to work around this issue so I'm asking it.
 
Dex-chan lover
Joined
Feb 1, 2018
Messages
218
I do have PB on Brave, but no on Edge. I could understand the thing about temporary disconnection when coming back from sleep, but sometimes it happens after browsing from a time without turning the computer to sleep mode. It COULD be some weird thing my router does, given that it sometimes starts kicking out devices or doing other strange things. Or it could be some other thing with my browser, given that there are pages I can access correctly (either in "not broken" or in just "access") in private mode while they fail in regular mode even with every extension/shield turned off.

I'll try the fix proposed and cross my fingers.
 
Member
Joined
Dec 2, 2018
Messages
110
If mangadex logged me out, it should give a warning (like a pop-up or some sort) that I was logged out. I lost count how many time I unknowingly logged out (and not realizing profile account disappeared), and my read history not updating.
 

Users who are viewing this thread

Top