Session times out two times a day

I am also on the beta. Maybe that's why it started happening? I have opened a helpdesk ticket also, but so far there has not been any resolution.

Mailbox behaves the same in Chrome with all extensions disabled as it behaves in Firefox: I had Mailbox prompting me for my credentials at least once a day.

Today I noticed that the main settings screen stayed logged in, while all the other open tabs (docs, email, etc) did not. If users are in the middle of working on something like an important document, and Mailbox logs them off against their wishes, remaining logged into the settings menu is not helpful. I have no idea who is troubleshooting this on the team's end (if anyone), but noting this nuance here for the record.

I'm glad that I'm not the only one seeing this issue. I agree, it's a real pain having to open my password manager, etc. to log back in every time I want to check my emails.

I'm coming from Protonmail where once I logged in, I stayed logged in until I signed out.

Sure hope this gets resolved soon.

I think mailbox.org have stated that this is not a bug (but a security feature) and they won't change/fix it. If this is true then they at least should remove the option "never" for "Automatic Sign out".

I rarely reboot my PC and being signed out every day or so is truly beyond annoying.

The "automatic sign out: never" option does absolutely nothing. Security feature my ass - unless the Germans understand "never" differently than the rest of the world.

Well, I thought 2FA is the critical addition to security.

For me it's a real annoyance since I have to login in on each machine (business & private) at least once per day. I just hibernate (more correct: hibernate on Windows, stand-by on MacOS) either computer keeping their OS sessions for a reason. Maybe mark the option "never" as "not recommended" but leave it in working on behalf of my own risk.

I suppose the prior session time outs (4 or five days from memory) much more balanced in terms of overall security since I now have to unlock my KeePass database every day twice (which I have set to lock with every hibernation, again on purpose because that's my critical box of secrets).

Ironically, on iOS' Mail app I have mailbox.org as one of my integrated accounts. There nothing has changed though that's not my primary way of access to mailbox.org's mail service.

Yes, this is a major issue for me too. Coming from googlemail, I am used to always have an open browser tab for my Email, which will not work for me, if I need to log in each time. It is an annoyance!

I raised a ticket in March and became the answer that they will pass my request to their product manager who will decide, which might be a complex and lengthy process...

Maybe it helps to raise a ticket on your own, so that eventually mailbox.org will hear their users.

I've opened a support ticket as well. These constant logouts are seriously annoying.

@ce72

for me it's yet to early for "ticket bombing". Mailboy.org remains a (very) small business even for Germany's standards. ^^

And right now they've just got overrun by new customers trying to get away from large scale cloud providers, which is a bigger challenge from business perspective for sure.

Though it has taken quite some time in the past to address (and solve) some issues just via this forum, it has worked out many times. I'm willing to wait another couple of weeks before entering the official ticket route.

Edits: paragraphs

It doesn't sound like their support ticket system works anyways. I've entered this issue as a ticket several days ago but it shows I have 0 tickets.

Hello.

Currently, a Login 2.0 session allows an idle time of 8 hours and a maximum session extension of 4 days. We have already increased the values. We are planning to increase these values a little. But we have to check this first.

I will create a ticket so that the “never” option for automatic logout is removed, as it does not work with Login 2.0. Individual session lengths are not in scope for Login 2.0. We can only make global changes.

@9592406 You can also write an email to helpdesk@mailbox.org to open a ticket. Please let us know the ticket number for the ticket that is not displayed so that we can check why you cannot see it.

Your Mailbox.org-Team

"idle time of 8 hours and a maximum session extension of 4 days"

That's an extremely strict setup for people who actually sleep, as it requires at least one, if not more log-ins on a daily basis.

I don't think I'll enable 2FA anytime soon with the constant log-in requirement. It's damn annoying... Can you at least let people stay logged in for a week if you need to forcibly log them out at all?

Something like: "24 hours of idle time and a maximum session extension of 7 days". Still not perfect, but at least semi-usable... Seriously, who wants to be logged out of their email all the time?

Thank you for that update Hendrik! Very helpful. More proactive communication from the team for private customers would be appreciated moving forward. Imagine a culture at Mailbox.org where this log in limitation would have been communicated in advance (without waiting for complaints to stack up). Or a culture where the team isn't getting pinged with the same help desk questions over and over because problems are immediately communicated to everyone, along with proposed solutions and timelines.

Hi Maximus,

I totally agree. In fact, the plan to increase the session times is months older than this thread. It's just, as described, we are working within rather cautious limits right now.

Best,

Hendrik

Hi Hendrik,

thanks for the detailed response. 16to48-hours conditional session timeout is a welcomed (next) step for me.

Though this issue is/was a nuisance to some (like me ^^), overall the migration appears to process well. I hope/wish this is a valid sign to incrementally increase the account numbers for each remaining migration run.

Good luck!

Thank you Hendrik. Note that it's not only about the length of inactivity, but also about not being able to close the browser. For me it seems to time out every time the browser closes, wether I close it on purpose, or because there was too many apps opened on my phone and browser got unloaded. It didn't use to do that with the previous login.

Thanks

Hi 9592406,

just like with the old login, the session is tied to cookies stored in the browser. So as long as your session is valid, and the cookies are not deleted, you should be able to log in without a hitch.

If you go to mailbox.org and click on the Login-button in the upper right corner, you should be forwarded automatically to the webmailer. Another thing you could try is navigating to the webmailer directly and see if you're logged in right away (PSA: please note that the URL of the webmailer will change in the future).

Best,

Hendrik

Thank you for your reply. Here are the steps:

1) open mobile browser (I tried different browsers)

2) go to mailbox.org, login to see emails

3) close browser

4) open browser again

Result: the tab that had mailbox email open redirects me to the mailbox login page.

With the previous login version I used to be able to close browsers without having to login again.

Thanks

Exactly.

Very annoying.

I'm tempted to use a new password like “start123” and no 2FA to make it easier checking my mail from my home PC where nobody has access. But I don't think that's the recommended ;-)

At the moment, I'm using Betterbird – just for that reason. I would prefer to use the web version.

I wish mailbox.org would add back the feature from the previous version where I could decide how long (or not at all) it takes before I'm automatically logged out.

I’m still being logged out in less than 8 hours. Could you provide us with an update on extending cookie lifetime?

Hi, yes, and i'm still being logged out every time my mobile phone browser closes for any reason. Thanks.

This should have been a matter of days. Maybe a few weeks. But now, half a year later, mailbox.org is still messed up, still regular logouts.

It's the only mail service that logs users out on a regular basis.

Not using 2FA seems to be the only way to make this semi-crippled service viable at all... How's this secure?

Do you even care?

I read my mailbox.org email on my phone using Chrome. When I switch to a different app on the phone (without closing the browser) and return to the browser to check my email I have to login at mailbox.org again. This is a huge P.I.T.A.

I dumped Google email because I want to support a European company (especially one in Berlin because I love Berlin) but this login problem at mailbox.org has gone on for so long now that I am considering going back to Google email for my domain :-(

I was happy with your email service until you messed with the login timeouts. Please fix this. I think that the German word for what you did is "verschlimmbesserung".

Sure makes you wonder what's going on with this company. Thought this would be fixed by now.

Thank you for your responses and your critical feedback, we really appreciate it. We are still working on a fix, and we are hopeful that we can roll it out soon. As of yet we can't give an exate date, so we have to ask for a little more patience.

With kind regards

Your mailbox.org team

Yeah, I'm trying to move away as well, I can't be 2FA logging in to it multiple times a day

It's not very efficient this way. Seeing that this has been going on now for 6 months, it's probably safe to say that it's never going to get fixed.

Hello,

thank you for your comments and your critique. We have rolled out Login 2.0.That is a login that is provided by us, not by Open-Xchange. This offers the option of staying logged in for longer. However, we are still testing a few things at the moment. For this reason, this feature is not yet activated. We will implement it in the near future, however. We therefore ask for a little more patience.

With kind regards
your mailbox.org team

Unfortunately, the PWA on my iPhone still logs out after ~4 hrs. This is way too short.

Logout times in desktop browser seem to be fixed whoever, which increases usability a LOT.

Curios to see PWA once Firefox rolls these out.

This problem has been fascinating to reflect on from a meta/business school perspective. It's a case study in how customers don't really care about many benefits a product or service offers them if one single pain point prevents them from easy access to all those positive features. Even if that single pain point, rationally speaking, is objectively minor (in terms of being an inconvenience). It speaks, categorically, to transparency and trust. Being asked to wait is not the same thing as being told why to wait, what the hold up is, estimated timelines for fixes, being kept in the loop, etc It does make one wonder if the creators are eating their own dog food. That being said, I'm really grateful the desktop log in experience has dramatically improved, and hopeful all other platforms will follow suit.

Yeah, not good. Why can't they make it work like other email providers where you stay logged in when closing the browser?

Perhaps they need to contact Proton Mail and see how they do it. Works great there.

Mailbox is quickly becoming more of a pain than it's worth.

I raised this topic in their thread about the "relaunch" of their service as Mailbox.org

mailbox relaunch: New suite, new design, new features

and suggested just as you did, that they try "eating their own dog food".

Specifically they should try using their webmail interface in a browser on a mobile phone. It's still broken. I am using the latest Chrome browser on the latest iOS.

Their priority seems to be rebranding and adding colorful bling without fixing old bugs first. Their programmers are probably clever enough to fix this but their management has other priorities.

This whole thread should not be in the "Ideas" category but rather in the "Problems" category.

You have every reason to be "pissed off". This has taken way too long to fix.