Being logged out at random durations [Firefox behaviour]

[arimareiji]

If so, no worries: Is it normal to be asked to log back in every day or two, sometimes a week or two, at random intervals despite not having logged out or cleared cookies or whatnot? (Most recently within the last 15-ish minutes, it's not just at night or any suchlike.)

 

[arimareiji]

I have the same extensions for both browsers, so the only real difference is Chrome vs Firefox. I have everything set to keep me logged in, but for example, when I was working in another tab and then just came back to Mangadex just now, it treated me as not being logged in, but a simple refresh of the page made it realize that I was actually logged in.

Huh. I'll have to give that a try next time it happens.

 

[BraveDude8]

it treated me as not being logged in, but a simple refresh of the page made it realize that I was actually logged in.

This sounds like your session token for auth.mangadex.org is still valid, but the association with mangadex.org is being broken by your browser somehow.

 

[Roler]

I have the same extensions for both browsers, so the only real difference is Chrome vs Firefox. I have everything set to keep me logged in, but for example, when I was working in another tab and then just came back to Mangadex just now, it treated me as not being logged in, but a simple refresh of the page made it realize that I was actually logged in.

I was getting a weird recaptcha error occasionally for about a week, so I assume it is something with that and generic Firefox. I simply don't have the problem in Chrome.

I use Firefox too but don't have any issues, except if I leave the mangadex tab open while the PC is asleep, because the access token doesn't refresh while the PC is asleep, but that is easily solved by just reloading the page which forces a refresh.

Note: in the browser console, if you have debug\verbose logging enabled, every 15 minutes you'll see "Session token expiring... attempting silent refresh", you can try and check if it's followed by an error or something if you know how.

 

[arimareiji]

I use Firefox too but don't have any issues, except if I leave the mangadex tab open while the PC is asleep, because the access token doesn't refresh while the PC is asleep, but that is easily solved by just reloading the page which forces a refresh.

Note: in the browser console, if you have debug\verbose logging enabled, every 15 minutes you'll see "Session token expiring... attempting silent refresh", you can try and check if it's followed by an error or something if you know how.

Any idea what the purpose of this is?

 

[Roler]

Any idea what the purpose of this is?

It's the authentication method MangaDex uses for security and possibly for performance reasons.

MangaDex uses OAuth 2 with short-lived access tokens (15 minutes) and long-lived refresh tokens (90 days). Access tokens are sent to every request to the API that needs auth, while refresh tokens are only sent to the Keycloak authentication server.

https://api.mangadex.org/docs/02-authentication (MangaDex's official web frontend uses a Public client, which are currently unavailable to register for the general public)

 

[Akule]

This sounds like your session token for auth.mangadex.org is still valid, but the association with mangadex.org is being broken by your browser somehow.

It's been even longer now since the last time the recaptcha error happened, so whatever was causing that seems to be fixed.

I think it's what Roler mentioned. I'll have to see what the error says when the silent refresh fails.

I use Firefox too but don't have any issues, except if I leave the mangadex tab open while the PC is asleep, because the access token doesn't refresh while the PC is asleep, but that is easily solved by just reloading the page which forces a refresh.

Note: in the browser console, if you have debug\verbose logging enabled, every 15 minutes you'll see "Session token expiring... attempting silent refresh", you can try and check if it's followed by an error or something if you know how.

Hm. I noticed the Session token expired message, and the silent refresh. It successfully refreshed when I went back to the tab.

The next time I get the logout, I will see what the console says.

 

[arimareiji]

It's the authentication method MangaDex uses for security and possibly for performance reasons.

MangaDex uses OAuth 2 with short-lived access tokens (15 minutes) and long-lived refresh tokens (90 days). Access tokens are sent to every request to the API that needs auth, while refresh tokens are only sent to the Keycloak authentication server.

https://api.mangadex.org/docs/02-authentication (MangaDex's official web frontend uses a Public client, which are currently unavailable to register for the general public)

Thank you, I just got the chance to test it and reloading did the trick.

It's been even longer now since the last time the recaptcha error happened, so whatever was causing that seems to be fixed.

I think it's what Roler mentioned. I'll have to see what the error says when the silent refresh fails.


Hm. I noticed the Session token expired message, and the silent refresh. It successfully refreshed when I went back to the tab.

The next time I get the logout, I will see what the console says.

Keeping my fingers crossed that reloading will work for you too upon getting the logout, if it hasn't already. (Not sure.)

 

[Akule]

I use Firefox too but don't have any issues, except if I leave the mangadex tab open while the PC is asleep, because the access token doesn't refresh while the PC is asleep, but that is easily solved by just reloading the page which forces a refresh.

Note: in the browser console, if you have debug\verbose logging enabled, every 15 minutes you'll see "Session token expiring... attempting silent refresh", you can try and check if it's followed by an error or something if you know how.

I finally got the error again. A refresh cleared it, but here is the error from the console:

This site appears to use a scroll-linked positioning effect. This may not work well with asynchronous panning; see https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html for further details and to join the discussion on related tools and features!
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://auth.mangadex.org/realms/mangadex/protocol/openid-connect/token. (Reason: CORS request did not succeed). Status code: (null).

 

[Roler]

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://auth.mangadex.org/realms/mangadex/protocol/openid-connect/token. (Reason: CORS request did not succeed). Status code: (null).

MDN

---

The HTTP request which makes use of CORS failed because the HTTP connection failed at either the network or protocol level. The error is not directly related to CORS, but is a fundamental network error of some kind.

In many cases, it is caused by a browser plugin (e.g. an ad blocker or privacy protector) blocking the request.

Since you mentioned it happens only in Firefox, most likely a client-side block. Could be any extension (doesn't necessarily need to be an intentional block, could be an extension bug too) or messing with a browser setting (like "Enhanced Tracking Protection").

 

[GipoScribantino]

I was reading a chapter on my laptop, but while still having it opened I had to leave to do something else.
Closing the laptop lid suspends the laptop activities and this includes disconnecting it from the network.
When the lid is opened again, even though it connects again the MangaDex session gets killed and I'm logged out.
This has happened other times, but I've noticed the sequence of events only now.
If I leave the site before closing the lid nothing happens, that is, the next time I visit this place I'm still logged in.

mod note - merged into existing thread

 

[BraveDude8]

Check auth.mangadex.org next time to see if your login session is still active there. If it is, something might be breaking the link between subdomains and logging you out on the frontend/forums.

mod note - merged into existing thread

 

[solstice258]

I experience that too. Do you use Firefox?
There's an explanation in this thread. I'm not tech savvy so I've accepted to live with it.

mod note - merged into existing thread

 

[GipoScribantino]

I experience that too. Do you use Firefox?
There's an explanation in this thread. I'm not tech savvy so I've accepted to live with it.

No, I'm not using Firefox and the logout happens only when the connection goes down for an extended period of time. I had times when I was offline for a short period and I was still logged in.

Check auth.mangadex.org next time to see if your login session is still active there. If it is, something might be breaking the link between subdomains and logging you out on the frontend/forums.

Alright. I can't seem to find the right amount of time before the logout happens. I tried waiting 10 minutes but I'm still logged in.
When it happened earlier I had it sleeping for something like 30 minutes, so I'll have to check next time. Maybe these numbers carry information useful to you, I don't know.

 

[GipoScribantino]

I managed to trigger this behaviour again and here's what I observed:
Every 15 minutes or so the browser sends a "ping" to the auth domain to ensure the session is still alive; if the browser fails to deliver the ping then the session is considered closed and the user logged out, a successful delivery triggers the remember me mechanism and anything else involved and keeps the user logged in.
When the PC is brought out of its suspended state the browser sends this ping immediately, but due to the internet connection not being completely available the ping request is kept suspended until it times out (I don't know how many seconds that timeout is). Since the request is aborted, the session is not restored until the page is refreshed.
The question is: is it a security issue if the ping is sent one more time if the timeout expires? I understand that session tokens and periodic refreshes are placed to avoid attacks based on stale sessions (like it happened in 2019 or so), but it would seem to work around this issue so I'm asking it.

 

[jorgelotr]

I do have PB on Brave, but no on Edge. I could understand the thing about temporary disconnection when coming back from sleep, but sometimes it happens after browsing from a time without turning the computer to sleep mode. It COULD be some weird thing my router does, given that it sometimes starts kicking out devices or doing other strange things. Or it could be some other thing with my browser, given that there are pages I can access correctly (either in "not broken" or in just "access") in private mode while they fail in regular mode even with every extension/shield turned off.

I'll try the fix proposed and cross my fingers.

 

[arimareiji]

For any newcomers to the thread:

Here's the explanation for why there's not a solution (other than to hit refresh every time it happens): https://forums.mangadex.org/threads...irefox-behaviour.1831642/page-2#post-22629597

 

[FireWyvern98]

If mangadex logged me out, it should give a warning (like a pop-up or some sort) that I was logged out. I lost count how many time I unknowingly logged out (and not realizing profile account disappeared), and my read history not updating.

 

[Grogzilla]

If mangadex logged me out, it should give a warning (like a pop-up or some sort) that I was logged out. I lost count how many time I unknowingly logged out (and not realizing profile account disappeared), and my read history not updating.

This occurs

 

[GipoScribantino]

This occurs

That does not happen while in the reader especially if you're reading multiple chapters in one sitting. You get it only when you try changing pages, e.g. to the updates tab.
But this is a different matter than what this thread is about.

 

[Grogzilla]

That does not happen while in the reader especially if you're reading multiple chapters in one sitting. You get it only when you try changing pages, e.g. to the updates tab.

They expressed their statement as if this dialogue box didn't exist. Just clearing the air a little