Firefox loses authentication on reload in TrueNAS SCALE 25.10.1 (tab duplicate works)

Hello,

I would like to report a reproducible authentication issue in
TrueNAS SCALE 25.10.1 that only affects Firefox.

Summary:
In Firefox, the TrueNAS WebUI loses authentication whenever a new
browser document context is created (reload, new tab, URL re-open).
The only case that works reliably is duplicating the existing tab.

Environment:

  • Product: TrueNAS SCALE
  • Version: 25.10.1
  • Browser affected: Firefox (clean profile, no extensions)
  • Browser not affected: Chromium / Edge
  • OS tested: Windows and Linux (CachyOS VM)

Steps to reproduce:

  1. Open Firefox
  2. Open the TrueNAS WebUI
  3. Log in successfully
  4. Do one of the following:
    • Press F5
    • Re-enter the URL in the address bar

Result:
The user is logged out or ends up in a non-authenticated UI state.

Expected:
The session should remain valid as long as the session cookie is valid.

Important observations:

  • Duplicating the browser tab works reliably
  • Reloading or opening the URL normally does not
  • Session cookies are sent correctly (verified via HAR)
  • No explicit logout request
  • No obvious 401/403 responses

What was tested / ruled out:

  • Clean Firefox profile and installation
  • Private browsing window
  • Firefox on multiple operating systems
  • Cookies allowed
  • Tracking protection disabled
  • All Firefox site exceptions tested (cookies, pop-ups, redirects, content blocking) — no effect
  • SameSite settings verified
  • Cache settings reset to defaults
  • No HTTPS interception or antivirus browser extensions
  • Hostname and IP tested
  • HAR files confirm cookies are present and sent correctly

Other web UIs are NOT affected:

  • Proxmox
  • OPNsense
  • Jellyfin
  • Portainer
  • Regular internet sites

This strongly suggests that in TrueNAS SCALE 25.10.x the WebUI
authentication is incorrectly bound to the SPA/WebSocket runtime
instead of being re-established from the session cookie on a cold page load.

HAR files are available if needed.

Thanks for looking into this.

Nothing?

Could someone with access to the bug reports please check on this and report back?
Is anyone even interested, or is this bug still being intentionally ignored?

Check this other thread. You even posted there in Dec 2025

Yes, but first there was not enough information about the tested environment, and the Jira ticket was marked as ā€œClosed Without Changes.ā€
It also seems that since no one is opening a new ticket or reopening the existing one, no one really cares.

That is why I created another topic with more information, hoping that someone will be able to open or reopen the bug report in Jira, because it is definitely not fixed at all.

I appreciate the enthusiasm, but if you look at the original ticket it was closed because there was no communication from the reporter for over a week after requesting a debug file and the closing comment even said it could be reopened if more information was provided.

There was nothing stopping that user from uploading a debug and restarting effort on that ticket or any other user from opening a new one, which appears to have already happened, since a fix to NAS-139491 was merged four days ago.

2 Likes

Yes I experience this on Firefox on Linux. Always been issue since using truenas for last year or so.

Was mentioned to be fixed in a recent release but has not changed for me. Even switching between different truenas can cause it to logout when returning to the tab sometimes.

My session is set to last for the hour as default

The JIRA ticket listed shows a fix in 26 BETA. What are your referring to as the fixed version?

Think it was in release notes for 25.10 was mentioned and was also touched on in the weekly vodcast on youtube. But I tested right away still occurred for me. As it still does. Yeah think I commented on the jira ticket at that time

I don’t see anything in the release notes for the 25.10 series about the firefox issue. There was a mention of Session expiry setting not working but that is a different issue. Listed in 25.10.2 release notes ixsystems.atlassian.net/browse/NAS-138467

Bug still exists in 25.10.2.1!

Ticket is still showing 26 BETA as fix version. 25.10 should still have issue

25.10.2.1 still has the issue for me

The specific Firefox issue is listed as fixed in Version 26

This issue is still happening for me in 26.0.0-BETA.1, on all these platforms I’ve tested so far:

Firefox Version: 150.0 (aarch64)
Safari (macOS) Version 26.4 (21624.1.16.11.4)
Safari (iOS) 26.4.1

The release notes state ā€œFirefox users were logged out unexpectedly on page refresh, and tooltips and contextual popovers stopped working throughout the interface. Both issues are resolved.ā€, but I’ve noticed no improvement across these browsers.

Except perhaps that there’s no ā€œsession timeoutā€ popup any more when being logged by a page-refresh.

I just tested 150.0 (64-bit) Firefox on a fresh install of 26 Beta in a VirtualBox VM and I don’t have the issue upon hitting F5. I stayed logged in. I don’t recall if Safari was ever tested

Chrome Version 147.0.7727.102 (Official Build) (64-bit) is working fine on F5
Edge Version 147.0.3912.72 (Official build) (64-bit) is working fine on F5

Adding my system is Windows 11.

I just tested iOS with Safari and it works too. Same version of iOS as you.

Interesting! Thanks for testing again. I’m still seeing the behaviour, so now I’m wondering if there’s a setting that was migrated (or untouched) during the TrueNAS update to 26 Beta. I do remember applying an extended session timeout in 25, and I can’t see that option available now in 26 under ā€˜System > Advanced > Access > Configure’.

It looks like it moved. Click on your admin user on the upper right like you are going to log out. You should see Preferences option. You can use the search bar at the top of the GUI dashboard to help find items. I did a search for timeout

Cheers for that, seeing the setting now. My session timeout was set to 7200 seconds, and reducing it to the default 300 seconds made no improvement.

I’ve even tested from multiple domains, including: hostname.local, 192.168.x.x, hostname.tailnet.ts[dot]net, 100.x.x.x. All exhibit the same behaviour - refreshing the page redirects to login, and no auto-login triggers.

Can anybody else confirm? If not, I may just have to do a fresh install to see if it resolves my issue.

How did you end up on 26 Beta? I want to try to do an update to the Beta from a prior version using a VM and see if I can reproduce it before you do a clean install.

Aha! I figured it out - disabling global 2FA did the trick!