Soft logout disables encryption when logging back in #20648
Comments
turt2live
added
A-E2EE
A-Soft-Logout
turt2live
changed the title
kittykat
added
the
X-Needs-Info
turt2live
added
Sponsored
and removed
X-Needs-Info
|
Is the "soft logout" visible at all? I'm considering creating a bug for an issue, and this might be related:
Suddently one of androids starts sending UNENCRYPTED messages (also: dropped info about channel title, doesn't recognize itself as channel administrator, still decrypts other devices). This seems quite fatal because the user is not informed at all that he suddently dropped out of e2e and starts sending unencrypted messages. Only other sessions (mine, and my friend's) started showing the messages as unencrypted. Logging out and relogin on the broken device fixed the issue, but e2e in element is unusable like that. Can't be trusted. |
|
Soft logout is a very visible flow to the user. It sounds like the issue you're facing isn't related to Web at all though, so would be best placed in another issue tracker. |
MSC: matrix-org/matrix-spec-proposals#2918 Fixes element-hq/element-web#18698 Fixes element-hq/element-web#20648 **Requires matrix-org/matrix-js-sdk#2178 **Note**: There's a lot of logging in this PR. That is intentional to ensure that if/when something goes wrong we can chase the exact code path. It does not log any tokens - just where the code is going. Overall, it should be fairly low volume spam (and can be relaxed at a later date). ---- This approach uses indexeddb (through a mutex library) to manage which tab actually triggers the refresh, preventing issues where multiple tabs try to update the token. If multiple tabs update the token then the server might consider the account hacked and hard logout all the tokens. If for some reason the timer code gets it wrong, or the user has been offline for too long and the token can't be refreshed, they should be sent to a soft logout screen by the server. This will retain the user's encryption state - they simply need to reauthenticate to get an active access token again. This additionally contains a change to fix soft logout not working, per the issue links above. Of interest may be the IPC approach which was ultimately declined in favour of this change instead: #7803
Soft logout is when the server logs the user out but intends for them to reauthenticate to keep their encryption state. Usually this is associated with the
session_lifetimein Synapse (for example).When the server issues a soft logout, we're supposed to let the user restore their encryption state by logging back in. However, when the user logs back in after a soft logout we fail to set up crypto properly and permanently break it for that session - the user needs to log out and back in fully to recover.
This screen is not commonly encountered by regular users, but is seen often by enterprise-style usecases.
The text was updated successfully, but these errors were encountered: