Don't log out apps upon invalid server response (HTTP 500, 503, internal server error, 404, DNS failure, etc.)

Feature name

  • Stay logged in even when server is broken / internet is out

Feature function

  • Currently, if the Bitwarden servers (self-hosted, or even Bitwarden-hosted) go down and are either inaccessible or return errors, the browser plugins and mobile apps seem to treat that as a “please log me out, invalid password” response. This is bad news if you’re like me and self-host… and put your Bitwarden and hosting account passwords in your self-hosted Bitwarden… or if there’s a large-scale outage of some kind, or even if you’re connected to a walled garden, etc.
  • Implementing this feature will give users a fighting chance to use or back up their passwords during an outage, or maybe not even notice a temporary outage.
  • Currently I have zero trust that I’ll have access to my passwords if I’m traveling and don’t have reliable internet, which is a dealbreaker for a devops person such as myself. This feature would be one “easy” step towards establishing that confidence.
1 Like

Hello,

I’m using Bitwarden hosted on my personal server.
If the web service is not available for any reason, when I open the application (Android), there is a message “the session expired” and I can’t access my passwords.

It would be fine if passwords are always available even if the web server is not available.

Regards.

1 Like

This applies to Traefik’s ipwhitelist middleware, which throws a 503 response if an attempt to access a service outside of a trusted network is made. The app expires the session (in the Android app and browser extensions from my testing) and you must log back in to gain access to your vault again once on a trusted network. (Note: I know this is an old RFE, but wanted to document this and possibly revive it to see if it would be possible to consider changing this behavior).

I support this request. Personally, I think that the Bitwarden apps need an offline mode (in which syncing and editing is disabled), and that connection errors should simply switch the app into this offline mode (without logging out).

Quick update for those that might want to run behind Traefik with the ipwhitelist middleware (as is my use-case). Traefik is deprecating ipwhitelist in favor of ipallowlist, which allows the HTTP return code to be specified. I didn’t see this in the Traefik docs, but it’s quite obvious in the middleware code (here). Just specify the rejectStatusCode as 404 on your service and the apps/extensions will no longer log out when unavailable. Example:

-l traefik.http.middlewares.vault-ipallowlist.ipallowlist.sourcerange='192.168.2.0/24'
-l traefik.http.middlewares.vault-ipallowlist.ipallowlist.rejectStatusCode='404'

Additional note: You will need Traefik v3.0.0-rc1+ for this to work (as it stands currently).
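
The behaviour requested in this thread, as an added sketch that is not Bitwarden client code and not from any poster: the session ends only when the token endpoint itself rejects the refresh token, and every other failure falls back to a read-only offline state. It assumes an OAuth 2.0-style refresh (RFC 6749) where a rejected token is reported as `invalid_grant`; all type and function names are hypothetical.

```typescript
// Added illustration; every name here is hypothetical, not Bitwarden client code.
type RefreshResult =
  | { kind: "network-error" } // DNS failure, timeout, TLS error
  | { kind: "http"; status: number; contentType: string; body: string };

type SessionAction = "keep-session" | "offline-read-only" | "log-out";

// Parse the body only if it claims to be JSON and really is a JSON object.
function parseJsonObject(contentType: string, body: string): Record<string, unknown> | null {
  if (!contentType.toLowerCase().startsWith("application/json")) return null;
  try {
    const value: unknown = JSON.parse(body);
    if (typeof value !== "object" || value === null || Array.isArray(value)) return null;
    return value as Record<string, unknown>;
  } catch {
    return null;
  }
}

function decideSessionAction(r: RefreshResult): SessionAction {
  if (r.kind === "network-error") return "offline-read-only";
  const json = parseJsonObject(r.contentType, r.body);
  // A 200 only counts when it carries a token: a walled garden often
  // answers 200 with an HTML login page instead.
  if (r.status === 200 && json !== null && typeof json["access_token"] === "string") {
    return "keep-session";
  }
  // RFC 6749 section 5.2: the token endpoint itself rejected the refresh token.
  if (r.status === 400 && json !== null && json["error"] === "invalid_grant") {
    return "log-out";
  }
  // 500/503, a proxy's 403/404, HTML error pages, malformed JSON:
  // none of these says anything about the stored credentials.
  return "offline-read-only";
}

// Constructed sample responses (not captured from a real server).
const samples: Array<[string, RefreshResult]> = [
  ["dns failure", { kind: "network-error" }],
  ["proxy 503", { kind: "http", status: 503, contentType: "text/plain", body: "Service Unavailable" }],
  ["captive portal", { kind: "http", status: 200, contentType: "text/html", body: "<html>Sign in</html>" }],
  ["revoked token", { kind: "http", status: 400, contentType: "application/json", body: '{"error":"invalid_grant"}' }],
  ["refreshed", { kind: "http", status: 200, contentType: "application/json", body: '{"access_token":"constructed"}' }],
];

for (const [name, result] of samples) {
  console.log(`${name}: ${decideSessionAction(result)}`);
}
```

Because a blocked revocation response leaves the cached vault readable in this model, a deployment may also want to cap how long the offline state can last.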