I’m experiencing an issue where my Bitwarden browser extension locks itself every time I close and reopen my browser, even though my session timeout is set to 12 hours.
My settings (Account Security):
Unlock with PIN: enabled
Require master password on browser restart: disabled
Session timeout: Custom – 12 hours, 0 minutes
Timeout action: Lock
What I’ve checked:
The issue occurs on both Microsoft Edge and Firefox
In Edge, “Clear browsing data on close” is fully disabled
I am not using any extensions that clear cookies or local storage (tested on Edge without any such extensions)
Reinstalling/resetting the PIN did not resolve the issue
Every time I reopen the browser, Bitwarden is locked again and asks for my PIN, regardless of the timeout setting. This behavior seems inconsistent with the configured 12-hour timeout.
Has anyone else experienced this? Is this a known bug or am I missing something?
When you close the browser, the extension will timeout regardless of your session timeout settings, as documented here.
If you close your browser window, you will be logged out of your web app and your browser extension will timeout.
The only way to avoid this is to never close your browser; you should always leave one window open, perhaps minimized.
P.S.: Using a PIN without requiring the master password on restart will typically weaken the security of your local vault cached on your machine. It’s usually recommended to require the master password on restart, perhaps adjusting the master password to be more manageable, such as using a 4-word randomly generated passphrase.
Open a second, blank browser window and minimize it, then forget about that second window existing. This minimizes the browser restarts.
Rather than disabling the Master password requirement for unlocking/logging in, consider using biometric unlock (e.g. Windows Hello). (Camera, fingerprint reader or hello pin). All of these store the cryptographic data in a hardware security device instead of on your hard drive, the latter being much more accessible to malware.
