nawan
May 25, 2025, 10:03am
1
I realized that the “Deauthorize Session” option in the web interface doesn’t log me out of Bitwarden Desktop when the desktop application is not running. In fact, it’s still fully functional. This happen on Fedora Workstation 41 with official Bitwarden Desktop from Flathub.
The following is some information about the desktop app I use:
Version 2025.4.2
I cannot reproduce this issue when the Bitwarden desktop application is running, regardless of whether the vault is locked.
Does it remain fully functional even more than an hour after you clicked “deauthorize sessions”?
1 Like
grb
May 25, 2025, 3:05pm
3
Could you please explain more clearly? How can the desktop app be “fully functional” when it is “not running”?
nawan
May 25, 2025, 4:28pm
4
Sorry for the confusion. What I mean is that if the Bitwarden desktop app is not running when the deauthorization session is initiated, it will still log in when opened.
grb
May 25, 2025, 4:52pm
5
When you open the desktop app again, does the computer have an internet connection?
grb
May 25, 2025, 5:04pm
6
FYI, I have been able to reproduce the behavior (in Desktop version 20205.4.2), which appears to be a bug. The same thing is occurring with me for the browser extension (i.e., it remains logged in after deauthorizing all sessions).
Even when the app or extension is force synced, it remains logged in. I believe that the disclaimer about a 1-hour propagation delay is related to the interval of background synchronization, so a forced sync should cause the deauthorization to occur immediately.
grb
May 25, 2025, 7:01pm
7
FYI, the bug has been reported on Github:
opened 06:58PM - 25 May 25 UTC
bug
web
### Steps To Reproduce
1. Log in to Desktop app and set the vault timeout actio… n to "Lock".
2. Close Desktop app.
3. Log in to Web Vault and **deauthorize all sessions**.
4. Open Desktop app.
5. Unlock the logged-in account in the Desktop app.
6. Sync vault in Desktop app.
7. Edit vault item in Desktop app, and save changes.
8. Wait at least 60 minutes.
9. If the Desktop app is locked, unlock it.
10. Sync vault in Desktop app.
11. Edit vault item in Desktop app, and save changes.
12. Log back in to Web Vault, and view the items that were edited in **Steps 7 & 11**.
### Expected Result
The account that was logged in to the Desktop app should be automatically logged out, either at **Step 4**, **Step 5**, **Step 6**, **Step 7**, **Step 8**, **Step 9**, **Step 10**, or **Step 11**.
In **Step 12**, no modifications to the items should be seen.
### Actual Result
The account that was logged in to the Desktop app remains logged in and authorized indefinitely (through **Steps 4–11** and beyond). The changes made in **Steps 7 & 11** are synced to the Web Vault and to other devices.
### Screenshots or Videos
_No response_
### Additional Context
The Desktop app used for testing was a portable Desktop app for Windows, version 20205.4.2.
The deauthorized account _does_ become logged out when deauthorizing sessions if the Desktop app was _open_ (and either unlocked or locked) when deauthorization was initiated from the Web Vault.
During testing, I also observed the following behaviors in the _browser extension_ (Chrome 2025.5.0), which I have _not_ been able to reproduce after the initial observation:
* Under some conditions (which I have not been able to recreate), the logged-in browser extension also remains logged in after deauthorization from the Web Vault.
* When logging back in to the browser extension after one of the deauthorization events that _successfully_ logged out the browser extension, and error message with wording similar to "attempt to use a disconnected port object" was seen (this happened only one time).
At least two users have reported the same issue on the [Bitwarden Community Forum](https://community.bitwarden.com/t/the-deauthorize-session-option-does-not-log-out-of-bitwarden-desktop-when-it-is-not-running/85142).
### Operating System
Windows
### Operating System Version
Windows 11
### Web Browser
Chrome
### Browser Version
_No response_
### Build Version
2025.5.0
### Issue Tracking Info
- [x] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
3 Likes