Session times out two times a day

I am also on the beta. Maybe that's why it started happening? I have opened a helpdesk ticket also, but so far there has not been any resolution.

Mailbox behaves the same in Chrome with all extensions disabled as it behaves in Firefox: I had Mailbox prompting me for my credentials at least once a day.

Today I noticed that the main settings screen stayed logged in, while all the other open tabs (docs, email, etc) did not. If users are in the middle of working on something like an important document, and Mailbox logs them off against their wishes, remaining logged into the settings menu is not helpful. I have no idea who is troubleshooting this on the team's end (if anyone), but noting this nuance here for the record.

I'm glad that I'm not the only one seeing this issue. I agree, it's a real pain having to open my password manager, etc. to log back in every time I want to check my emails.

I'm coming from Protonmail where once I logged in, I stayed logged in until I signed out.

Sure hope this gets resolved soon.

I think mailbox.org have stated that this is not a bug (but a security feature) and they won't change/fix it. If this is true then they at least should remove the option "never" for "Automatic Sign out".

I rarely reboot my PC and being signed out every day or so is truly beyond annoying.

The "automatic sign out: never" option does absolutely nothing. Security feature my ass - unless the Germans understand "never" differently than the rest of the world.

Well, I thought 2FA is the critical addition to security.

For me it's a real annoyance since I have to login in on each machine (business & private) at least once per day. I just hibernate (more correct: hibernate on Windows, stand-by on MacOS) either computer keeping their OS sessions for a reason. Maybe mark the option "never" as "not recommended" but leave it in working on behalf of my own risk.

I suppose the prior session time outs (4 or five days from memory) much more balanced in terms of overall security since I now have to unlock my KeePass database every day twice (which I have set to lock with every hibernation, again on purpose because that's my critical box of secrets).

Ironically, on iOS' Mail app I have mailbox.org as one of my integrated accounts. There nothing has changed though that's not my primary way of access to mailbox.org's mail service.

Yes, this is a major issue for me too. Coming from googlemail, I am used to always have an open browser tab for my Email, which will not work for me, if I need to log in each time. It is an annoyance!

I raised a ticket in March and became the answer that they will pass my request to their product manager who will decide, which might be a complex and lengthy process...

Maybe it helps to raise a ticket on your own, so that eventually mailbox.org will hear their users.

I've opened a support ticket as well. These constant logouts are seriously annoying.

@ce72

for me it's yet to early for "ticket bombing". Mailboy.org remains a (very) small business even for Germany's standards. ^^

And right now they've just got overrun by new customers trying to get away from large scale cloud providers, which is a bigger challenge from business perspective for sure.

Though it has taken quite some time in the past to address (and solve) some issues just via this forum, it has worked out many times. I'm willing to wait another couple of weeks before entering the official ticket route.

Edits: paragraphs

It doesn't sound like their support ticket system works anyways. I've entered this issue as a ticket several days ago but it shows I have 0 tickets.

Hello.

Currently, a Login 2.0 session allows an idle time of 8 hours and a maximum session extension of 4 days. We have already increased the values. We are planning to increase these values a little. But we have to check this first.

I will create a ticket so that the “never” option for automatic logout is removed, as it does not work with Login 2.0. Individual session lengths are not in scope for Login 2.0. We can only make global changes.

@9592406 You can also write an email to helpdesk@mailbox.org to open a ticket. Please let us know the ticket number for the ticket that is not displayed so that we can check why you cannot see it.

Your Mailbox.org-Team

"idle time of 8 hours and a maximum session extension of 4 days"

That's an extremely strict setup for people who actually sleep, as it requires at least one, if not more log-ins on a daily basis.

I don't think I'll enable 2FA anytime soon with the constant log-in requirement. It's damn annoying... Can you at least let people stay logged in for a week if you need to forcibly log them out at all?

Something like: "24 hours of idle time and a maximum session extension of 7 days". Still not perfect, but at least semi-usable... Seriously, who wants to be logged out of their email all the time?

Thank you for that update Hendrik! Very helpful. More proactive communication from the team for private customers would be appreciated moving forward. Imagine a culture at Mailbox.org where this log in limitation would have been communicated in advance (without waiting for complaints to stack up). Or a culture where the team isn't getting pinged with the same help desk questions over and over because problems are immediately communicated to everyone, along with proposed solutions and timelines.

Hi Maximus,

I totally agree. In fact, the plan to increase the session times is months older than this thread. It's just, as described, we are working within rather cautious limits right now.

Best,

Hendrik

Hi Hendrik,

thanks for the detailed response. 16to48-hours conditional session timeout is a welcomed (next) step for me.

Though this issue is/was a nuisance to some (like me ^^), overall the migration appears to process well. I hope/wish this is a valid sign to incrementally increase the account numbers for each remaining migration run.

Good luck!

Thank you Hendrik. Note that it's not only about the length of inactivity, but also about not being able to close the browser. For me it seems to time out every time the browser closes, wether I close it on purpose, or because there was too many apps opened on my phone and browser got unloaded. It didn't use to do that with the previous login.

Thanks

Hi 9592406,

just like with the old login, the session is tied to cookies stored in the browser. So as long as your session is valid, and the cookies are not deleted, you should be able to log in without a hitch.

If you go to mailbox.org and click on the Login-button in the upper right corner, you should be forwarded automatically to the webmailer. Another thing you could try is navigating to the webmailer directly and see if you're logged in right away (PSA: please note that the URL of the webmailer will change in the future).

Best,

Hendrik

Thank you for your reply. Here are the steps:

1) open mobile browser (I tried different browsers)

2) go to mailbox.org, login to see emails

3) close browser

4) open browser again

Result: the tab that had mailbox email open redirects me to the mailbox login page.

With the previous login version I used to be able to close browsers without having to login again.

Thanks

Exactly.

Very annoying.

I'm tempted to use a new password like “start123” and no 2FA to make it easier checking my mail from my home PC where nobody has access. But I don't think that's the recommended ;-)

At the moment, I'm using Betterbird – just for that reason. I would prefer to use the web version.

I wish mailbox.org would add back the feature from the previous version where I could decide how long (or not at all) it takes before I'm automatically logged out.

I’m still being logged out in less than 8 hours. Could you provide us with an update on extending cookie lifetime?

Hi, yes, and i'm still being logged out every time my mobile phone browser closes for any reason. Thanks.

This should have been a matter of days. Maybe a few weeks. But now, half a year later, mailbox.org is still messed up, still regular logouts.

It's the only mail service that logs users out on a regular basis.

Not using 2FA seems to be the only way to make this semi-crippled service viable at all... How's this secure?

Do you even care?

I read my mailbox.org email on my phone using Chrome. When I switch to a different app on the phone (without closing the browser) and return to the browser to check my email I have to login at mailbox.org again. This is a huge P.I.T.A.

I dumped Google email because I want to support a European company (especially one in Berlin because I love Berlin) but this login problem at mailbox.org has gone on for so long now that I am considering going back to Google email for my domain :-(

I was happy with your email service until you messed with the login timeouts. Please fix this. I think that the German word for what you did is "verschlimmbesserung".

Sure makes you wonder what's going on with this company. Thought this would be fixed by now.

Thank you for your responses and your critical feedback, we really appreciate it. We are still working on a fix, and we are hopeful that we can roll it out soon. As of yet we can't give an exate date, so we have to ask for a little more patience.

With kind regards

Your mailbox.org team

Yeah, I'm trying to move away as well, I can't be 2FA logging in to it multiple times a day

It's not very efficient this way. Seeing that this has been going on now for 6 months, it's probably safe to say that it's never going to get fixed.

Hello,

thank you for your comments and your critique. We have rolled out Login 2.0.That is a login that is provided by us, not by Open-Xchange. This offers the option of staying logged in for longer. However, we are still testing a few things at the moment. For this reason, this feature is not yet activated. We will implement it in the near future, however. We therefore ask for a little more patience.

With kind regards
your mailbox.org team

Unfortunately, the PWA on my iPhone still logs out after ~4 hrs. This is way too short.

Logout times in desktop browser seem to be fixed whoever, which increases usability a LOT.

Curios to see PWA once Firefox rolls these out.

This problem has been fascinating to reflect on from a meta/business school perspective. It's a case study in how customers don't really care about many benefits a product or service offers them if one single pain point prevents them from easy access to all those positive features. Even if that single pain point, rationally speaking, is objectively minor (in terms of being an inconvenience). It speaks, categorically, to transparency and trust. Being asked to wait is not the same thing as being told why to wait, what the hold up is, estimated timelines for fixes, being kept in the loop, etc It does make one wonder if the creators are eating their own dog food. That being said, I'm really grateful the desktop log in experience has dramatically improved, and hopeful all other platforms will follow suit.

Still logs me out every time the browser closes or unloads, on mobile.

Yeah, not good. Why can't they make it work like other email providers where you stay logged in when closing the browser?

Perhaps they need to contact Proton Mail and see how they do it. Works great there.

Mailbox is quickly becoming more of a pain than it's worth.

I raised this topic in their thread about the "relaunch" of their service as Mailbox.org

mailbox relaunch: New suite, new design, new features

and suggested just as you did, that they try "eating their own dog food".

Specifically they should try using their webmail interface in a browser on a mobile phone. It's still broken. I am using the latest Chrome browser on the latest iOS.

Their priority seems to be rebranding and adding colorful bling without fixing old bugs first. Their programmers are probably clever enough to fix this but their management has other priorities.

This whole thread should not be in the "Ideas" category but rather in the "Problems" category.

You have every reason to be "pissed off". This has taken way too long to fix.

Broken record?

Hi Christoph,

thank you very much for your honest feedback. We understand that it would be easier, if we could communicate what exactly is causing the hold up. Unfortunately we are not able to do so at the moment. Some of our customers are reporting the issue, but as of now we haven't been able to reproduce it reliably. We have extended the session times two weeks ago, and today again. We will extend it further, but this seems not be the issue in this case.

Our adminsitrators are working on the matter as we speak, so we are still working on a solution.

Does your browser delete all cookies automatically when closing it?

With kind regards

your mailbox team

---

Useful Links:

• Knowledge Base for Private Customers
• Knowledge Base for Business Customers

Hello mailbox team,

thank you for your detailed answer! Now I have a lot more trust that you are actually en route to fix this :-)

My browser (Firefox 144.0 64-Bit) is set not to delete cookies automatically. I usually don't close the browser and shutdown my PC but rather put the PC into energy saving mode with all programs (including the browser) left open.

I just tried to use Edge with the PWA to rule out that it is an issue with Firefox being a non-compatible browser.
Will report back in a few days how it went.

Regards
Christoph

Hallo,

<<Does your browser delete all cookies automatically when closing it?>>

I have mailbox.org set as an exception in firefox for deleting cookies when the browser gets closed. Thus no related cookies should be deleted. Nevertheless, when I close my browser I'm locked out.

I do not have this problem with other websites with high security requirements such as bitwarden, tuta, file.io, standardnotes, todoist, etc.All of them set as exception for cookie deletion.

Thank you for taking this issue seriously.

Hi 6491012,

thank you very much for your feedback. We are very sorry for your negative experience. We are looking into the matter right now.

We have looked into the logfiles and were not able to verify that you have been logged out multiple times per hour. Did it happen to you today? Could you tell us the approximate time when you had the issue the last time? Then we can look deeper into our logs.

We apologize for the inconvenience.

With kind regards

Your mailbox team

---

Useful Links:

• Knowledge Base for Private Customers
• Knowledge Base for Business Customers

Hello Mailbox.org support, thanks for your reply. Here are two new screen captures from my phone. It happened twice during the last hour. You can see the times, which are UTC+2. I did not terminate the browser and I did not restart the phone. I used other apps and other browser tabs, and when I returned to the Mailbox.org webmail interface I had to login again. This has been a nuisance for most of 2025 now. The configuration of my Chrome browser on iOS is standard and I have not added any extensions.

Hello and thank you for your message,

we can see that your account still has three more active sessions beside the newest. Please terminate those sessions. then please open a ticket with our heldpesk, so we can debug this issue further. Our administrators think that it is an individual error, rather than a general one in this case, and they would like to assist you.

You can reach our helpdesk here https://support.mailbox.org. Alternatively, you can also send an e-mail to helpdesk@mailbox.org. Our supporters and admins will take care of your request.

With kind regards

Your mailbox-Team

---

Useful Links:

• Knowledge Base for Private Customers
• Knowledge Base for Business Customers

Hello Mailbox-Team,

I'd just like to add that everytime i reopen my browser (firefox on linux) and i have to login again, a new session shows up in the security settings. So the app remembers my session but it doesnt seem to recognize it. The problem could possibly have something to do with that? I've also checked that mailbox-cookies last between reopenings of firefox, which works fine. Altough it might be that the right cookies somehow dont last.

Greetings!

Thanks very much for looking into this and replying. I'll do as you suggest and follow up with the helpdesk. The other sessions are on computers in different parts of the house. I thought that one of the advantages of a webmail interface is being able to access your email on multiple browsers (on different systems) simultaneously? I never had this problem with gmail. In any case, thank you for digging deeper into this. I'll work with the helpdesk now.

We've been complaining for months so it's only fair to let people now that the new configuration is massively better. I've not been logged out for 24 hours in the iPhone PWA.

Yes, I can confirm that it seems to work way better now. I have been inactive for approx. 26 hours and I'm still logged in with the PWA (Edge on Win 11).

Thank you mailbox support team!

Staying logged in on the mobile browser so far. Thanks!

I too am experiencing a notable improvement since this change. It's working again like it did last year. Even in my browser on my mobile phone the sessions stay up now. Thank you so much for fixing this. Now I can devote precious time to useful activities instead of the forced frequent logins at Mailbox.org. Thank you!