Cannot save new passwords in browser extension, instant Session Expired on save #1254

Closed
opened 2025-10-09 17:09:09 +03:00 by OVERLORD · 2 comments
Owner

Originally created by @aleksandarmomic on GitHub.

Subject of the issue

When I want to save something through the extension, I get an instant Session Expired message.
Sync works without issues, it's just saving data that doesn't.
I also use the Android app and it works fine both with sync and saving entries.

Extension version: 1.54.0
Browser: Firefox 94.0.2 (64-bit)

Tried in Edge, also doesn't work.

Deployment environment

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.23.0
  • Web-vault version: v2.23.0c
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.35.4
  • Clients used: Firefox Extensions 1.54.0
  • Reverse proxy and version: Traefik 2.5.4
  • Other relevant information: Raspberry PI 4 (Raspberry PI OS 64bit, Bullseye)

Config (Generated via diagnostics page)

Environment settings which are overridden: DOMAIN, USER_ATTACHMENT_LIMIT, ORG_ATTACHMENT_LIMIT, SIGNUPS_ALLOWED, ADMIN_TOKEN, SMTP_HOST, SMTP_SSL, SMTP_PORT, SMTP_FROM, SMTP_FROM_NAME, SMTP_PASSWORD

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****.*****-******.***",
  "domain_origin": "*****://*****.*****-******.***",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 5 * * * *",
  "emergency_request_timeout_schedule": "0 5 * * * *",
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": 5242880,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "*****.**********@*****.***",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "****.*****.***",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "*****.**********@*****.***",
  "templates_folder": "data/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": 1048576,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Steps to reproduce

  • Log in to extension
  • Press on '+' icon
  • Save any login information

Expected behaviour

Data saved successfully

Actual behaviour

Got Session Expired message and have to re-login to Bitwarden. 2FA not asked again.

Troubleshooting data

Log entries when pressing Save:
[request][INFO] POST /api/ciphers
[auth][ERROR] Unauthorized Error: No access token provided
[response][INFO] POST /api/ciphers (post_ciphers) => 401 Unauthorized

Docker compose:

version: '3.4'

networks:
  web:
    external: true
services:
  vaultwarden:
    image: vaultwarden/server
    container_name: vaultwarden
    networks:
      - web
    environment:
      PUID: 1000
      PGID: 1000
      TZ: ${TIMEZONE:?err}
      WEBSOCKET_ENABLED: 'true'
      SIGNUPS_ALLOWED: 'false'
      ADMIN_TOKEN: '${BITWARDEN_ADMIN_TOKEN:?err}'
      DOMAIN: 'bitwarden.example.com'
      USER_ATTACHMENT_LIMIT: 1048576
      ORG_ATTACHMENT_LIMIT: 5242880
      SMTP_HOST: 'smtp.gmail.com'
      SMTP_FROM: 'redacted'
      SMTP_FROM_NAME: 'Vaultwarden'
      SMTP_PORT: '587'
      SMTP_SSL: 'true'
      SMTP_PASSWORD: '${VAULTWARDEN_SMTP_PASSWORD:?err}'
    volumes:
      - ${CONTAINERS_PATH:?err}/vaultwarden:/data
    labels:
      traefik.enable: 'true'
      traefik.http.routers.vault${TRAEFIK_PUBLIC_SERVICE_POSTFIX:?err}.entrypoints: '${TRAEFIK_HTTPS_ENTRYPOINT:?err}'
      traefik.http.routers.vault${TRAEFIK_PUBLIC_SERVICE_POSTFIX:?err}.rule: 'Host(`bitwarden.example.com`)'
      traefik.http.routers.vault${TRAEFIK_PUBLIC_SERVICE_POSTFIX:?err}.tls: 'true'
    restart: always

@BlackDex commented on GitHub:

Some extensions can block these kinds of headers. Also, try to log out and back in to see if that helps.

Else try to disable some other extensions to see which interferes.


@aleksandarmomic commented on GitHub:

Indeed it was Adguard. Totally forgot about it. Thank you!
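A log triage sketch for the symptom in this thread, added here as an example and not part of the original issue or of Vaultwarden itself: it separates 401s whose auth error is "No access token provided" (the request arrived without a token) from other 401s, and lists routes that fail only that way while other routes succeed. The function names, the `GET /api/sync` sample lines and the bracketed-timestamp tolerance are assumptions; the three `POST /api/ciphers` lines are the ones quoted in the issue.

```python
import re
from collections import defaultdict

# Line shape follows the excerpt in the issue; a leading [timestamp] field is tolerated.
LINE = re.compile(r"^(?:\[[^\]]*\])?\[(?P<target>[^\]]+)\]\[(?P<level>[^\]]+)\]\s+(?P<msg>.*)$")
RESP = re.compile(r"^(?P<method>[A-Z]+) (?P<path>\S+)(?: \(\w+\))? => (?P<status>\d{3})")
MISSING = "No access token provided"  # auth error text quoted in the issue

# Constructed sample: the sync lines are made up, the POST lines come from the issue.
SAMPLE = """\
[request][INFO] GET /api/sync
[response][INFO] GET /api/sync (sync) => 200 OK
[request][INFO] POST /api/ciphers
[auth][ERROR] Unauthorized Error: No access token provided
[response][INFO] POST /api/ciphers (post_ciphers) => 401 Unauthorized
""".splitlines()

def triage(lines):
    """Count outcomes per (method, path): ok, missing_token, other_401."""
    stats = defaultdict(lambda: {"ok": 0, "missing_token": 0, "other_401": 0})
    reason = None  # latest [auth][ERROR] text; assumes it precedes its response line
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        if m["target"] == "auth" and m["level"] == "ERROR":
            reason = m["msg"]
        elif m["target"] == "response":
            r = RESP.match(m["msg"])
            if r and r["status"] == "401":
                kind = "missing_token" if reason and MISSING in reason else "other_401"
                stats[(r["method"], r["path"])][kind] += 1
            elif r and r["status"].startswith("2"):
                stats[(r["method"], r["path"])]["ok"] += 1
            reason = None
    return {k: dict(v) for k, v in stats.items()}

def token_dropped_routes(stats):
    """Routes that only ever fail with a missing token while some other route succeeds.
    Heuristic: points at something between client and server removing the token
    (a browser extension, as in this thread) rather than at a logged-out client."""
    any_ok = any(s["ok"] for s in stats.values())
    return sorted(k for k, s in stats.items()
                  if any_ok and s["missing_token"] and not s["other_401"] and not s["ok"])

if __name__ == "__main__":
    print(token_dropped_routes(triage(SAMPLE)))
```
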

Reference: starred/vaultwarden#1254