"Your login session has expired." when trying to open an item that belongs to an org #2104

New Issue

MrUnknownDE · 2026-04-06T03:01:00+02:00

MrUnknownDE commented

2026-04-06 03:01:00 +02:00

Originally created by @qbarbe on 6/2/2022

Subject of the issue

"Your login session has expired." when trying to open an item that belongs to an org

Deployment environment

Your environment (Generated via diagnostics page)

Vaultwarden version: v1.25.0
Web-vault version: v2.28.1
Running within Docker: true (Base: Debian)
Environment settings overridden: false
Uses a reverse proxy: false
Internet access: true
Internet access via a proxy: false
DNS Check: true
Time Check: true
Domain Configuration Check: false
HTTPS Check: true
Database type: SQLite
Database version: 3.35.4
Clients used:
Reverse proxy and version:
Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden:

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*********.*****************.**",
  "domain_origin": "*****://*********.*****************.**",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 5 * * * *",
  "emergency_request_timeout_schedule": "0 5 * * * *",
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": false,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_org_name": "Bitwarden - **********",
  "invitations_allowed": true,
  "ip_header": "X-Forwarded-For",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/vaultwarden.log",
  "log_level": "debug",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": true,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": true,
  "smtp_from": "*********@*****************.**",
  "smtp_from_name": "Bitwarden",
  "smtp_host": "****.************************.**",
  "smtp_password": "***",
  "smtp_port": 465,
  "smtp_security": "force_tls",
  "smtp_ssl": false,
  "smtp_timeout": 15,
  "smtp_username": "*********",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": 30,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

vaultwarden version: 2.25.0

Install method: Docker
Clients used: Web vault, Browser extension and Desktop client

Steps to reproduce

Command used to start vaultwarden: docker run -d --restart unless-stopped --name vaultwarden -v /vw-data/:/data/ -e "TZ=Europe/Paris" -e LOG_FILE=/data/vaultwarden.log -e LOG_LEVEL=debug -p 80:80 vaultwarden/server:latest

Login to the web-vault, click on an org, try to open an item.

Expected behaviour

The org's item should open

Actual behaviour

I get logged out as soon as I click on the item with the "Your login session has expired." error, in short: I can't open org items from the web vault.

Troubleshooting data

Logs from /vw-data/vaultwarden.log and logs set to debug.

[2022-06-02 18:52:24.543][request][INFO] GET /api/organizations/some-id/collections
[2022-06-02 18:52:24.544][response][INFO] (get_org_collections) GET /api/organizations/<org_id>/collections => 200 OK
[2022-06-02 18:52:24.604][request][INFO] GET /api/ciphers/organization-details?organizationId=some-id
[2022-06-02 18:52:24.610][response][INFO] (get_org_details) GET /api/ciphers/organization-details?<data..> => 200 OK
[2022-06-02 18:52:27.036][request][INFO] GET /notifications/hub?access_token=some-token
[2022-06-02 18:52:27.036][response][INFO] (websockets_err) GET /notifications/hub => 400 Bad Request

Also, don't pay attention to the domain configuration check: the domain name I use to access the admin page is the internal one.

*Originally created by @qbarbe on 6/2/2022*  ### Subject of the issue "Your login session has expired." when trying to open an item that belongs to an org ### Deployment environment ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.25.0 * Web-vault version: v2.28.1 * Running within Docker: true (Base: Debian) * Environment settings overridden: false * Uses a reverse proxy: false * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: false * HTTPS Check: true * Database type: SQLite * Database version: 3.35.4 * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) <details><summary>Show Running Config</summary> **Environment settings which are overridden:** ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_ip_header_enabled": true, "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "****/**.*******", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://*********.*****************.**", "domain_origin": "*****://*********.*****************.**", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 5 * * * *", "emergency_request_timeout_schedule": "0 5 * * * *", "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": false, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "invitation_org_name": "Bitwarden - **********", "invitations_allowed": true, "ip_header": "X-Forwarded-For", "job_poll_interval_ms": 30000, "log_file": "/data/vaultwarden.log", "log_level": "debug", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "password_iterations": 100000, "reload_templates": false, "require_device_email": true, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": true, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_explicit_tls": true, "smtp_from": "*********@*****************.**", "smtp_from_name": "Bitwarden", "smtp_host": "****.************************.**", "smtp_password": "***", "smtp_port": 465, "smtp_security": "force_tls", "smtp_ssl": false, "smtp_timeout": 15, "smtp_username": "*********", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": 30, "trash_purge_schedule": "0 5 0 * * *", "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": false, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> * vaultwarden version: 2.25.0  * Install method: Docker * Clients used: Web vault, Browser extension and Desktop client ### Steps to reproduce Command used to start vaultwarden: docker run -d --restart unless-stopped --name vaultwarden -v /vw-data/:/data/ -e "TZ=Europe/Paris" -e LOG_FILE=/data/vaultwarden.log -e LOG_LEVEL=debug -p 80:80 vaultwarden/server:latest Login to the web-vault, click on an org, try to open an item. ### Expected behaviour The org's item should open ### Actual behaviour I get logged out as soon as I click on the item with the "Your login session has expired." error, in short: I can't open org items from the web vault. ### Troubleshooting data Logs from /vw-data/vaultwarden.log and logs set to debug. ``` [2022-06-02 18:52:24.543][request][INFO] GET /api/organizations/some-id/collections [2022-06-02 18:52:24.544][response][INFO] (get_org_collections) GET /api/organizations/<org_id>/collections => 200 OK [2022-06-02 18:52:24.604][request][INFO] GET /api/ciphers/organization-details?organizationId=some-id [2022-06-02 18:52:24.610][response][INFO] (get_org_details) GET /api/ciphers/organization-details?<data..> => 200 OK [2022-06-02 18:52:27.036][request][INFO] GET /notifications/hub?access_token=some-token [2022-06-02 18:52:27.036][response][INFO] (websockets_err) GET /notifications/hub => 400 Bad Request ``` Also, don't pay attention to the domain configuration check: the domain name I use to access the admin page is the internal one.

MrUnknownDE closed this issue

2026-04-06 03:01:00 +02:00

Sign in to join this conversation.

No Label

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#2104