Login screen reloads while typing password

Hi, I’ve noticed that sometimes the login screen flashes/reloads when I’m halfway through typing my master password and takes me back to the email screen. Most recently this happened on Firefox extension, but has previously occurred on the desktop app as well. To clarify it’s only after logging out or deauthorizing sessions from the web vault - not when unlocking the vault. Could this behaviour be seen as a security risk? Where does the password ‘live’ while being typed into the bitwarden app/extension? Has anyone else experienced this weird bug? Thanks.

I noticed the same problem when logging into the bitwarden extension in Google Chrome on Win 11 22h2. Sometimes when logging in, bitwarden reloads and the entered password instead of going to bitwarden is entered in the address bar. It doesn’t happen every time. I recently finished all bitwarden sessions. Then I logged into several browsers where I have bitwarden (chrome, edge, brave, firefox) and the problem occurred in all browsers. So I opened bitwarden normally, it logged me out (correctly, because I ended all sessions on purpose), and then when I entered the password, the extension reloaded and I had to enter the password again. Unfortunately, part of the password was entered in the address bar until I noticed it :frowning: With everyday use, I don’t notice this problem. But when I ended all sessions, suddenly the problem occurred in all 4 browsers!

Sorry for my English, I’m using a translator

Hi @backlit3171 and welcome to the community :tada:

The behavior you are describing is currently expected when locking or logging out/de-authing sessions on the browser extension and desktop app.

With those events occurring, we reload the process (app/extension) to ensure all previously used memory is wiped. This is a security measure we had to add, as browsers/frameworks being used aren’t great in clearing up all of their data.

@qFKesZC77KY83rJHoJs: I haven’t heard or experienced the behavior you are describing. Please get in touch with support if this is an issue.

Kind regards,

@djsmith85 Is the 10-second delay intentional, or is that just how long it takes for the process to complete once it has been initiated?

It would be nice if the reload happens faster (before one starts typing), or alternatively, if the reload could be deferred when the client detects that the user is attempting to log in again (in which case they would presumably not care about their secrets remaining in memory).

Thanks for the clarification on this, much appreciated. I’m guessing since I was typing in the password field itself when the refresh happened there’s no reason to change my master password? Have a great day.