You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
qBittorrent: 4.6.5
Operating system: WebUI on any OS, Win11 host
What is the problem?
When logging in via webUI the session timeout set in the webUI preferences is not respected.
For example on mobile devices, where the browser is often killed to free memory, the webUI asks me to login almost every time I go back to the browser and the page is reloaded.
I looked at /src/webui/webapplication.cpp and it looks like that the timeout from WebUI prefernces is only used in the server side check.
So the cookie that is sent to the browser doesn't have it's expiration time set according to the preferences, resulting in a "session cookie". https://doc.qt.io/qt-6/qnetworkcookie.html#details : "If the expiration date is not present, the cookie is considered a "session cookie" and should be discarded when the application exits"
Specifically around line 743, where the cookie is being constructed and sent to the browser, there aren't any calls to setExpirationDate(), resulting in a session-only cookie by default.
For example on mobile devices, where the browser is often killed to free memory, the webUI asks me to login almost every time I go back to the browser and the page is reloaded.
Session cookies — cookies without a Max-age or Expires attribute – are deleted when the current session ends. The browser defines when the "current session" ends, and some browsers use session restoring when restarting. This can cause session cookies to last indefinitely.
You should tweak your browser to enable session restoring, especially if it will be killed unexpectedly.
Specifically around line 743, where the cookie is being constructed and sent to the browser, there aren't any calls to setExpirationDate(), resulting in a session-only cookie by default.
It is intended that a WebUI session is tied to a browsing session.
You should tweak your browser to enable session restoring, especially if it will be killed unexpectedly.
I don't see any such options on safari or chrome on ipadOS
It is intended that a WebUI session is tied to a browsing session.
That is rather surprising.
I assumed that since there is a timeout in the preferences, the intended behaviour would be equivalent to what most web apps do when "remember me" is checked.
I guess its a missing feature then.
I confirm, I have the same problem. It's worth closing the browser and qBittorrent WebUI to ask me to enter my username and password.
Please add Max-age or Expires to your cookies when logging in:
qBittorrent & operating system versions
qBittorrent: 4.6.5
Operating system: WebUI on any OS, Win11 host
What is the problem?
When logging in via webUI the session timeout set in the webUI preferences is not respected.
For example on mobile devices, where the browser is often killed to free memory, the webUI asks me to login almost every time I go back to the browser and the page is reloaded.
I looked at /src/webui/webapplication.cpp and it looks like that the timeout from WebUI prefernces is only used in the server side check.
So the cookie that is sent to the browser doesn't have it's expiration time set according to the preferences, resulting in a "session cookie".
https://doc.qt.io/qt-6/qnetworkcookie.html#details : "If the expiration date is not present, the cookie is considered a "session cookie" and should be discarded when the application exits"
Specifically around line 743, where the cookie is being constructed and sent to the browser, there aren't any calls to setExpirationDate(), resulting in a session-only cookie by default.
qBittorrent/src/webui/webapplication.cpp
Line 743 in 9d87a81
Steps to reproduce
expected: staying logged in until the timeout set in webUI preferences expires
actual result: user is no longer logged in and is required to login again
Additional context
Log(s) & preferences file(s)
No response
The text was updated successfully, but these errors were encountered: