Welcome to the mailbox user forum
 

Session times out two times a day

Zsolt Donca shared this idea 6 months ago
Proposed

My mailbox.org session times out about two times a day, and having to log in twice is very annoying. Why can't it stay logged in for a reasonable amount of time like any other modern web app?


In the general security settings, I have "Automatic sign out" set to "Never". I understand that a literal "Never" is not practical actually a technically feasible way, but ~4 hours instead is way too short.


I would like my mailbox.org session to keep me logged in at least for a week, and ideally even for more.

Replies (13)

photo
2

I'm on Beta and am logged out constantly - every time I close my browser, and when I disconnect and reconnect (or am disconnected from) the internet. This didn't happen for me on the standard platform, as it respected the "automatic sign out - never" setting. But perhaps it's not a beta thing after all...maybe this is happening more frequently for everyone. It's a real hassle to be opening my password manager multiple times a day (as I intentionally don't save passwords in my browser), and inserting 1) user name and main password 2) 2FA code 3) Guard password ... then dealing with signing out of ghost sessions that were created by Mailbox.org signing me out without my permission, and then finally resuming my work.

I have already submitted feedback to support staff on this, but nothing has improved.

photo
1

I am also on the beta. Maybe that's why it started happening? I have opened a helpdesk ticket also, but so far there has not been any resolution.

photo
1

Mailbox behaves the same in Chrome with all extensions disabled as it behaves in Firefox: I had Mailbox prompting me for my credentials at least once a day.

photo
1

Today I noticed that the main settings screen stayed logged in, while all the other open tabs (docs, email, etc) did not. If users are in the middle of working on something like an important document, and Mailbox logs them off against their wishes, remaining logged into the settings menu is not helpful. I have no idea who is troubleshooting this on the team's end (if anyone), but noting this nuance here for the record.

photo
2

I'm glad that I'm not the only one seeing this issue. I agree, it's a real pain having to open my password manager, etc. to log back in every time I want to check my emails.

I'm coming from Protonmail where once I logged in, I stayed logged in until I signed out.

Sure hope this gets resolved soon.

photo
3

I think mailbox.org have stated that this is not a bug (but a security feature) and they won't change/fix it. If this is true then they at least should remove the option "never" for "Automatic Sign out".

photo
1

I rarely reboot my PC and being signed out every day or so is truly beyond annoying.

The "automatic sign out: never" option does absolutely nothing. Security feature my ass - unless the Germans understand "never" differently than the rest of the world.

photo
2

Well, I thought 2FA is the critical addition to security.

For me it's a real annoyance since I have to login in on each machine (business & private) at least once per day. I just hibernate (more correct: hibernate on Windows, stand-by on MacOS) either computer keeping their OS sessions for a reason. Maybe mark the option "never" as "not recommended" but leave it in working on behalf of my own risk.

I suppose the prior session time outs (4 or five days from memory) much more balanced in terms of overall security since I now have to unlock my KeePass database every day twice (which I have set to lock with every hibernation, again on purpose because that's my critical box of secrets).

Ironically, on iOS' Mail app I have mailbox.org as one of my integrated accounts. There nothing has changed though that's not my primary way of access to mailbox.org's mail service.

photo
3

Yes, this is a major issue for me too. Coming from googlemail, I am used to always have an open browser tab for my Email, which will not work for me, if I need to log in each time. It is an annoyance!

I raised a ticket in March and became the answer that they will pass my request to their product manager who will decide, which might be a complex and lengthy process...

Maybe it helps to raise a ticket on your own, so that eventually mailbox.org will hear their users.

photo
2

I've opened a support ticket as well. These constant logouts are seriously annoying.

photo
1

@ce72

for me it's yet to early for "ticket bombing". Mailboy.org remains a (very) small business even for Germany's standards. ^^

And right now they've just got overrun by new customers trying to get away from large scale cloud providers, which is a bigger challenge from business perspective for sure.

Though it has taken quite some time in the past to address (and solve) some issues just via this forum, it has worked out many times. I'm willing to wait another couple of weeks before entering the official ticket route.


Edits: paragraphs

photo
2

It doesn't sound like their support ticket system works anyways. I've entered this issue as a ticket several days ago but it shows I have 0 tickets.

photo
2

Hello.

Currently, a Login 2.0 session allows an idle time of 8 hours and a maximum session extension of 4 days. We have already increased the values. We are planning to increase these values a little. But we have to check this first.

I will create a ticket so that the “never” option for automatic logout is removed, as it does not work with Login 2.0. Individual session lengths are not in scope for Login 2.0. We can only make global changes.

@9592406 You can also write an email to helpdesk@mailbox.org to open a ticket. Please let us know the ticket number for the ticket that is not displayed so that we can check why you cannot see it.

Your Mailbox.org-Team

photo
4

"idle time of 8 hours and a maximum session extension of 4 days"

That's an extremely strict setup for people who actually sleep, as it requires at least one, if not more log-ins on a daily basis.

I don't think I'll enable 2FA anytime soon with the constant log-in requirement. It's damn annoying... Can you at least let people stay logged in for a week if you need to forcibly log them out at all?

Something like: "24 hours of idle time and a maximum session extension of 7 days". Still not perfect, but at least semi-usable... Seriously, who wants to be logged out of their email all the time?

photo
photo
2

I have to login multiple times a day ever since switching to the login.

I had to turn off 2FA because this is already extremely time consuming, and interrupts the work flow

photo
2

Initially I thought this was my self-destructing cookies plugin, but I've whitelisted the entire domain and others are reporting the same issue - so it's an Mailbox.org problem. Specifically, it can't become my default primary account if it logs out on its own and thus I lose desktop notifications from my browser.

Edit: For now, I've set up mailnag as an IMAP solution. Not sure what the Windows or Mac equivalent would be.

photo
6

Hey,
we did start with conservative values in terms of session lifetime, as we wanted to guarantee stability when scaling up the Login 2.0.

Of course we know that logging in multiple times a week (or even per day) is annoying, and we want to improve the user experience. So for now, we increased the lifetime of a session to 16 hours (while keeping it capped at 4 days). This means, that as you can stay logged in for up to 4 days now as long as you are active every 16 hours. This should reduce the number of fresh logins needed to around 2 per week instead of 2 per day.

We actually want to increase the session lifetime even further than that, but we have to carefully monitor the system, as we're moving thousands and thousands of users per day to Login 2.0. Once the migration is done we're at more liberty to act here and improve on the session times.

I hope I could clear things up a bit.


Hendrik

photo
3

Thank you for that update Hendrik! Very helpful. More proactive communication from the team for private customers would be appreciated moving forward. Imagine a culture at Mailbox.org where this log in limitation would have been communicated in advance (without waiting for complaints to stack up). Or a culture where the team isn't getting pinged with the same help desk questions over and over because problems are immediately communicated to everyone, along with proposed solutions and timelines.

photo
2

Hi Maximus,

I totally agree. In fact, the plan to increase the session times is months older than this thread. It's just, as described, we are working within rather cautious limits right now.


Best,

Hendrik

photo
1

Hi Hendrik,

thanks for the detailed response. 16to48-hours conditional session timeout is a welcomed (next) step for me.

Though this issue is/was a nuisance to some (like me ^^), overall the migration appears to process well. I hope/wish this is a valid sign to incrementally increase the account numbers for each remaining migration run.

Good luck!

photo
2

Thank you Hendrik. Note that it's not only about the length of inactivity, but also about not being able to close the browser. For me it seems to time out every time the browser closes, wether I close it on purpose, or because there was too many apps opened on my phone and browser got unloaded. It didn't use to do that with the previous login.

Thanks

photo
1

Hi 9592406,

just like with the old login, the session is tied to cookies stored in the browser. So as long as your session is valid, and the cookies are not deleted, you should be able to log in without a hitch.

If you go to mailbox.org and click on the Login-button in the upper right corner, you should be forwarded automatically to the webmailer. Another thing you could try is navigating to the webmailer directly and see if you're logged in right away (PSA: please note that the URL of the webmailer will change in the future).


Best,

Hendrik

photo
2

Thank you for your reply. Here are the steps:

1) open mobile browser (I tried different browsers)

2) go to mailbox.org, login to see emails

3) close browser

4) open browser again

Result: the tab that had mailbox email open redirects me to the mailbox login page.

With the previous login version I used to be able to close browsers without having to login again.


Thanks

photo
2

Exactly.

Very annoying.

I'm tempted to use a new password like “start123” and no 2FA to make it easier checking my mail from my home PC where nobody has access. But I don't think that's the recommended ;-)

At the moment, I'm using Betterbird – just for that reason. I would prefer to use the web version.

I wish mailbox.org would add back the feature from the previous version where I could decide how long (or not at all) it takes before I'm automatically logged out.

photo
photo
3

Any further improvements to the user experience? Slightly less annoying is still... annoying. In the 21st century, using email shouldn't feel like a nuisance.

Among all the mail providers I use, you're basically the only one that logs me out constantly. You may call it a feature, but from a user's perspective, it's just an annoyance known only to Mailbox.org users.

photo
2

Please can this be sorted a.s.a.p. !

How difficult can it be to allow users to set their own automatic log-out times? Constantly having to log in is driving me insane and I will almost certainly be forced to abandon Mailbox if you can't sort it soon (despite having been a perfectly happy customer up to this point).

Please!

photo
1

Hi and thank you for your responses. We are still working on implementing Login 2.0, which will prolong the automatic log-out-times. Until then we have to ask a little more patience.

With kind regards

your mailbox.org team

photo
2

I’m still being logged out in less than 8 hours. Could you provide us with an update on extending cookie lifetime?

photo
2

Hi, yes, and i'm still being logged out every time my mobile phone browser closes for any reason. Thanks.

photo
2

This should have been a matter of days. Maybe a few weeks. But now, half a year later, mailbox.org is still messed up, still regular logouts.

It's the only mail service that logs users out on a regular basis.

Not using 2FA seems to be the only way to make this semi-crippled service viable at all... How's this secure?

Do you even care?

photo
1

I read my mailbox.org email on my phone using Chrome. When I switch to a different app on the phone (without closing the browser) and return to the browser to check my email I have to login at mailbox.org again. This is a huge P.I.T.A.

I dumped Google email because I want to support a European company (especially one in Berlin because I love Berlin) but this login problem at mailbox.org has gone on for so long now that I am considering going back to Google email for my domain :-(

I was happy with your email service until you messed with the login timeouts. Please fix this. I think that the German word for what you did is "verschlimmbesserung".

photo
2

Sure makes you wonder what's going on with this company. Thought this would be fixed by now.

photo
1

Thank you for your responses and your critical feedback, we really appreciate it. We are still working on a fix, and we are hopeful that we can roll it out soon. As of yet we can't give an exate date, so we have to ask for a little more patience.

With kind regards

Your mailbox.org team

photo
photo
3

Please take the feedback seriously and fix the issue. Using the service especially on multiple devices is very tedious. I honestly find it impossible to believe anyone in the team uses their own service on a browser. I can't think of any other service that would automatically log out every day.

photo
2

From what I've read mailbox.org does not develop the web email interface. It's handled by Open-Xchange, so mailbox.org might not have much say in what gets changed.

This is coming from Reddit, so we might need to take that with a grain of salt.

It sure would be nice to be able to login to my email and stay logged in. Just like Proton Mail that I'm trying to move away from. Perhaps I'll be going back to them soon.

photo
2

Yeah, I'm trying to move away as well, I can't be 2FA logging in to it multiple times a day

photo
2

It's not very efficient this way. Seeing that this has been going on now for 6 months, it's probably safe to say that it's never going to get fixed.

photo
2

Hello,

thank you for your comments and your critique. We have rolled out Login 2.0.That is a login that is provided by us, not by Open-Xchange. This offers the option of staying logged in for longer. However, we are still testing a few things at the moment. For this reason, this feature is not yet activated. We will implement it in the near future, however. We therefore ask for a little more patience.

With kind regards
your mailbox.org team

photo
photo
2

Announcement by Mailbox:

https://mailbox.org/en/news/mailbox-becomes-the-digitally-sovereign-workplace/

*Key new features at a glance*
- Progressive Web App (PWA) for mobile working without app installation


Let's hope that the PWA will finally stay logged in.

photo
2

Unfortunately, the PWA on my iPhone still logs out after ~4 hrs. This is way too short.

photo
2

Logout times in desktop browser seem to be fixed whoever, which increases usability a LOT.

Curios to see PWA once Firefox rolls these out.

photo
2

This problem has been fascinating to reflect on from a meta/business school perspective. It's a case study in how customers don't really care about many benefits a product or service offers them if one single pain point prevents them from easy access to all those positive features. Even if that single pain point, rationally speaking, is objectively minor (in terms of being an inconvenience). It speaks, categorically, to transparency and trust. Being asked to wait is not the same thing as being told why to wait, what the hold up is, estimated timelines for fixes, being kept in the loop, etc It does make one wonder if the creators are eating their own dog food. That being said, I'm really grateful the desktop log in experience has dramatically improved, and hopeful all other platforms will follow suit.

photo
photo
3

Very annoying.
Close my browser, and immediately logged out.
Open password manager... open OTPclient... every time - very annoying.
Solution 1:
Use password "start123" and no 2FA
Solution 2:
Use MailClient.

I like the new version of mailbox, but that ruins the whole thing.

Mailbox, ... please fix it as fast as you can...

photo
2

Yeah, not good. Why can't they make it work like other email providers where you stay logged in when closing the browser?


Perhaps they need to contact Proton Mail and see how they do it. Works great there.


Mailbox is quickly becoming more of a pain than it's worth.

photo
photo
2

Yes, this is a real PIA. An ongoing issue for far too long. Now they've rolled out the new version and this is still unfixed. "We are still testing". Are they eating their own dog food?

photo
4

They say "we have to ask for a little more patience", as if this crippled service hasn't already lasted for half a year now. It seems to me like those people don't even use the service they sell, otherwise they would know how broken it is. Every normal service provider would strive to fix such a bug in a week or two, but not them...

For some reason they act as if this were some sort of security measure, a feature, and not a semi-broken service.


I'm slightly pissed off because I migrated to mailbox.org hoping to finally get a long-term stable service without the need to switch elsewhere, but now I'm getting a long-term broken service with a long-term "we have to ask for a little more patience".

photo
4

I raised this topic in their thread about the "relaunch" of their service as Mailbox.org

mailbox relaunch: New suite, new design, new features

and suggested just as you did, that they try "eating their own dog food".

Specifically they should try using their webmail interface in a browser on a mobile phone. It's still broken. I am using the latest Chrome browser on the latest iOS.

Their priority seems to be rebranding and adding colorful bling without fixing old bugs first. Their programmers are probably clever enough to fix this but their management has other priorities.

This whole thread should not be in the "Ideas" category but rather in the "Problems" category.

photo
2

You have every reason to be "pissed off". This has taken way too long to fix.

photo
Leave a Comment
 
Attach a file