Mattermost Desktop: session expired

Summary
Every time I open desktop app I receive “Session expired” error. Next, I can successfully login.
Steps to reproduce
Mattermost Desktop (windows) has version installed (v5.2.1); cleaned the local profile C:\Users\user\AppData\Roaming\Mattermost; revoke all my sessions on the server

1. run Mattermost Desktop
2. query database “SELECT * FROM sessions WHERE userid=‘my_user_id’;” I see my session ID and token my_session_token
3. I close the application and see that the session is still present in the database
4. I run Mattermost Desktop again and the application returns an error “session expired”
5. The old session is not picked up by the application; Server logs:
   {"timestamp":"2022-11-28 08:23:59.742 Z","level":"warn","msg":"Error while creating session for user access token","caller":"app/session.go:89","error":"createSessionForUserAccessToken: Invalid or missing token., resource: UserAccessToken id: token=my_session_token"}
{"timestamp":"2022-11-28 08:23:59.750 Z","level":"warn","msg":"Error while creating session for user access token","caller":"app/session.go:89","error":"createSessionForUserAccessToken: Invalid or missing token., resource: UserAccessToken id: token=my_session_token"}
{"timestamp":"2022-11-28 08:23:59.766 Z","level":"warn","msg":"Error while creating session for user access token","caller":"app/session.go:89","error":"createSessionForUserAccessToken: Invalid or missing token., resource: UserAccessToken id: token=my_session_token"}
{"timestamp":"2022-11-28 08:23:59.774 Z","level":"warn","msg":"Error while creating session for user access token","caller":"app/session.go:89","error":"createSessionForUserAccessToken: Invalid or missing token., resource: UserAccessToken id: token=my_session_token"}

Expected behavior
No need to login every time open desktop app

Need to notice that a lot of our mattermost users share same ip address. Server deployed using GitHub - mattermost/docker: Install Mattermost server via Docker
Server versio 7.2.0-rc3

Do you see the same issue with desktop app v5.2.2?

Hi montesuma and welcome to the Mattermost forums!

Could it be that you disabled Personal Access Tokens in your System Console → Integration Management?

Personal Access Tokens enabled in System Console
I will try to reproduce with 5.2.2 desktop app

Same issue with 5.2.2

Alright, next idea: When you’re logged in, click on your profile picture in the top right corner, then on “Profile” and then on “Security” to “View and Log Out of Active Sessions”:

grafik805×496 33.9 KB

Make sure you log out of all active sessions for your user account, then start a new one and see if this problem still persists. Very unlikely, but maybe one of your sessions is “broken” and therefore causes issues.

Unfortunately in my environment this issue affect more than one hundred users, so I need to find a root cause. It would be very helpful if you explain how I can identify “broken” session in more technical terms, may be something on database level

I don’t know how to identify them, it was just an assumption that maybe one of the sessions is corrupt and I wanted to find out if the problem gets fixed when you clear your user’s sessions manually using the GUI and if there are any sessions left.

You can export the sessions in your database first by running the following query:

select * from sessions where userid IN (SELECT id FROM users where username='YOURNAME');

The values for the column expiresat would be interesting, they should contain a unix timestamp which should be resonably higher than the createat timestamp.

mattermost=# SELECT TO_TIMESTAMP(createat/1000),TO_TIMESTAMP(expiresat/1000) from sessions where userid IN (SELECT id FROM users where username='YOURNAME');
      to_timestamp      |      to_timestamp
------------------------+------------------------
 2022-10-27 07:31:15+02 | 2022-12-16 10:43:01+01
 2022-12-08 17:26:13+01 | 2022-12-27 05:41:46+01
 2022-12-02 14:47:11+01 | 2022-12-21 07:41:45+01
 2022-08-24 16:52:03+02 | 2022-12-27 09:08:06+01
(4 rows)

There are several settings in the system console and config.json that have an impact on the session duration, here’s an example out of my config.json:

# grep SessionLength /opt/mattermost/config/config.json
        "ExtendSessionLengthWithActivity": true,
        "SessionLengthWebInDays": 14,
        "SessionLengthWebInHours": 336,
        "SessionLengthMobileInDays": 14,
        "SessionLengthMobileInHours": 336,
        "SessionLengthSSOInDays": 14,
        "SessionLengthSSOInHours": 336,

The values here mean that I do have 14d session length, so users would have to re-login after 14 days and additionally, I do extend the session expiration when there’s activity on the account (ExtendSessionLengthWithActivity).

What do these values look like on your system?

        "ExtendSessionLengthWithActivity": true,
        "SessionLengthWebInDays": 180,
        "SessionLengthWebInHours": 4320,
        "SessionLengthMobileInDays": 180,
        "SessionLengthMobileInHours": 4320,
        "SessionLengthSSOInDays": 30,
        "SessionLengthSSOInHours": 720,

OK, one last guess here - can you please confirm that the URL you’re using to connect to your Mattermost server in the desktop app matches the SiteUrl setting in your system console (section “Environment” → “Web Server”)? The newer desktop app clients automatically redirect to the value provided in the servers SiteURL` and maybe that’s causing the logout for you.

I have checked settings, both URLs match

Hi montesuma,

in a different thread, someone pointed out that their reverse proxy was tinkering with the headers and caused the initial authentication header the client sends to the Mattermost server to be dropped and therefore the sessions had to be recreated everytime they started the application.
Can you please describe your server side setup a bit more? Do you use a reverse proxy in front of your Mattermost server and if so, what does its configuration look like? Are you working on some of the request headers in there in order to modify the loadbalancing algorithm or anything like that?