[Question]: Require login every time refresh

[SailFlorve]

Contact Details

No response

What is your question?

why every time I refresh the web, login required? what should I config?

More Details

and if there is any way to disable user auth system?

What is the main subject of your question?

User System/OAuth

Screenshots

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

[danny-avila]

why every time I refresh the web, login required? what should I config?

This is not the behavior of the app. It's probably due to your cookie handling on your browser.

and if there is any way to disable user auth system?

Yes, you can disable user registration once you are signed up. You can't disable the authentication system altogether: https://docs.librechat.ai/features/user_auth_system.html#disable-user-registration

[SailFlorve]

this should not be the case. I deployed using Docker, but when accessing via IP, it does require a login every time. This was the case even before the SESSION_EXPIRYfields were implemented, and they work fine with https. so it’s not related to them. I’m not sure what the reason is.

[danny-avila]

yes I'm not sure, I can't reproduce and I almost exclusively use localhost (http)

[anes300]

My apologies, I wasn't specific enough. This only happens if I try to connect to the application from another client and not when doing it on localhost. It seems like it's not saving the JWT token on the client. I have indeed setup the SESSION_EXPIRY and REFRESH_TOKEN_EXPIRY to the default values according to the .env.example.

[SailFlorve]

Yeah. It happens when remote client access by IP, not localhost.

[fuegovic]

Yeah. It happens when remote client access by IP, not localhost.

I don't know how to fix it but I was able to reproduce

I host LibreChat on a home server on my local network

• if I access LibreChat through the url https://example.com everything works as expected
• if I access LibreChat through the server local network address http://192.168.xx.xx:3080/ I need to re-login evvery time I refresh the page

[danny-avila]

I know what's going on now after thinking about this more. It's related to this: #471

@fuegovic @anes300 @SailFlorve

The cookies are set to secure in "production" mode, which is the default when you run the server. According to expressjs docs:

secure - Ensures the browser only sends the cookie over HTTPS.

I forget this because they are still sent in a localhost environment. Without cookies, you need to login every time.

After I merge this PR, you can run the cookies in the insecure mode by running npm run backend:dev to start the app. For docker, you change the NODE_ENV in the compose file to development

Related PR: #1088

Please confirm this works

[davecrab]

I'm having this same issue, I've set the NODE_ENV=development in both the .env and docker-compose.override files and rebuilt the image but still getting the same issue. Any ideas?

I'm just accessing this locally on my network via http via safari. Happens both on iOS and Mac

[danny-avila]

via http

you should access it via HTTPS.

NODE_ENV

If you are sure about running in the insecure mode which can expose you to many vulnerabilities, it should be NODE_ENV=CI

[davecrab]

Ok I'll look at setting up https with caddy, thanks for the response!

[itoudium]

Hello. I also encountered the same problem but was able to resolve it.
I am using docker-compose to expose it on my home local network.
It turns out that specifying NODE_ENV was not effective because it is directly defined in package.json, rather than being provided in .env or docker-compose.yml. Instead, I found a workaround by merging the following content into docker-compose.override.yml:

services:
  api:
    command: npm run backend:dev

Thank you for the wonderful product.

[snab43]

Hello. I also encountered the same problem but was able to resolve it. I am using docker-compose to expose it on my home local network. It turns out that specifying NODE_ENV was not effective because it is directly defined in package.json, rather than being provided in .env or docker-compose.yml. Instead, I found a workaround by merging the following content into docker-compose.override.yml:

services:
  api:
    command: npm run backend:dev

Thank you for the wonderful product.

Having the OP issue on my Unraid server using docker. Does anyone know how to apply the above fix in Unraid?

[fuegovic]

It depends on how you deployed using unraid, if you used portainer in unraid you can easily modify the compose file directly in portainer to add this. If you used to the community app, I'm not certain.

[snab43]

I did use a community app, yeah. No worries! Hopefully someone comes across this and knows.