Hello,
I would like to report a reproducible authentication issue in
TrueNAS SCALE 25.10.1 that only affects Firefox.
Summary:
In Firefox, the TrueNAS WebUI loses authentication whenever a new
browser document context is created (reload, new tab, URL re-open).
The only case that works reliably is duplicating the existing tab.
Environment:
- Product: TrueNAS SCALE
- Version: 25.10.1
- Browser affected: Firefox (clean profile, no extensions)
- Browser not affected: Chromium / Edge
- OS tested: Windows and Linux (CachyOS VM)
Steps to reproduce:
- Open Firefox
- Open the TrueNAS WebUI
- Log in successfully
- Do one of the following:
- Press F5
- Re-enter the URL in the address bar
Result:
The user is logged out or ends up in a non-authenticated UI state.
Expected:
The session should remain valid as long as the session cookie is valid.
Important observations:
- Duplicating the browser tab works reliably
- Reloading or opening the URL normally does not
- Session cookies are sent correctly (verified via HAR)
- No explicit logout request
- No obvious 401/403 responses
What was tested / ruled out:
- Clean Firefox profile and installation
- Private browsing window
- Firefox on multiple operating systems
- Cookies allowed
- Tracking protection disabled
- All Firefox site exceptions tested (cookies, pop-ups, redirects, content blocking) — no effect
- SameSite settings verified
- Cache settings reset to defaults
- No HTTPS interception or antivirus browser extensions
- Hostname and IP tested
- HAR files confirm cookies are present and sent correctly
Other web UIs are NOT affected:
- Proxmox
- OPNsense
- Jellyfin
- Portainer
- Regular internet sites
This strongly suggests that in TrueNAS SCALE 25.10.x the WebUI
authentication is incorrectly bound to the SPA/WebSocket runtime
instead of being re-established from the session cookie on a cold page load.
HAR files are available if needed.
Thanks for looking into this.