Maybe I misunderstood something but for some reason the web vault locks my account immediately and every time on browser refresh. This happens even though I have selected “1 hour” as the setting for Vault Timeout. And the selected Vault Timeout action is “Lock”.
This is on Chrome 86/macOS.
I’ve actually noticed that the Android app keeps locking my account, no matter what settings I use. I’ve even tried “Never” just as a test but it’s still locked almost every time I try to autofill in a browser.
Still not working. Does not work if I disable adblocker. Behaves the same on Firefox too. So is it intentional that:
No matter what settings you have, the web vault will always lock on browser refresh and requires entering the master password?
The web vault locks automatically on refresh even if the timeout is set.
The desktop client does not lock itself even after refreshing it. (Timeout set to never)
So this should be bug.
@tgreer can you confirm this?
If this is a bug, file an issue on
Edit:
When never is set for the timeout in the desktop app, the vault is not locked on refresh. But if a time like 30 minutes is set, the vault willl automatically lock itself on refresh Ctrl+Shift+ R
The web vault doesn’t have a never option for timeout. If a time value is set, the vault will automatically lock on browser refresh.
Not a bug, fortunately. When you select “never” for the desktop app / browser extension, your key is written to disk, and can thus be retrieved, and your vault stays unlocked.
The web vault doesn’t write the key to disk (hence no “never” option) and refreshing the vault via the browser refresh button will indeed trigger a lock. Navigating through the web vault will refresh the data when you change tabs/pages.
- Lock (default).Locking your Vault will maintain Vault data on the device. You will only be prompted to enter your Master Password to decrypt your Vault, however no Two-step Login method will be required to unlock your Vault.Bitwarden client applications don’t need to be online to unlock.
Vault Timeout Options | Bitwarden Help Center
I think this article should be updated.
Using the Android app, it locks very quickly no matter what timeout settings I have. It’s quite frustrating!
That’s really weird. I have no problem with my app. I just tried it out.
Device specifications?
One more thing.
Try restarting your device
or
Rollback to the previous version of the app and see if the problem is still there.
I’m currently using a Pixel 4a running the latest official Android 11 release. Prior to this, I had a Pixel 3 XL for around 2 years, always running the latest Android OS. I had exactly the same issues on that device.
I have tried disabling battery optimisation to make sure the app doesn’t keep getting closed. I’ve tried setting different timeout lengths, including “on app restart” and “never”. Still, almost every time I try to enter a password, I’m taken to the app to unlock it with my fingerprint before I’m presented with a list of available passwords.
I don’t know if it’s a totally unrelated issue but I also find that, quite often, I won’t get a Bitwarden popup using Chrome on Android. I have to open the app, search for the site in question and manually copy and paste the password. This isn’t as big a problem on Firefox for Android, though I occasionally see this behaviour. Using the addon for Firefox is much more reliable.
File an issue on Github. Someone will help you there. I don’t know any solution.
@danmullen very strange indeed! Github is for sure the best place for us to collect information and track with engineering.
@vachan fair point, article update with a note about the web vault will be out shortly.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
Web vault setting is 15 minute lock, NOT ‘on browser refresh’. Refresh locks it.
Tried reaching out on Twitter and was just told “refresh is similar to closing the tab or browser so this is as expected for vault protection” but then why have an option to lock on refresh?
Didn’t receive clarification on Twitter so hoping someone here can help
The timeout option is really to keep it from locking until the browser is refreshed.
Okay, I suppose that makes sense. Thanks for the quick reply!
Regardless of the value of Timeout (including On browser refresh), every time you perform a page reload (including a normal reload - F5 or changing the language), the web vault will execute the Vault timeout action immediately after.
I found this issue has appeared and been fixed before, but it seems to have reappeared.
@tanquang I moved your post into the other thread.
What is the fix you mean?
As seen above, it seems to be fixed on the Bitwarden app and extension, but the web vault doesn’t seem to be.