I would like to report a reproducible authentication issue in
TrueNAS SCALE 25.10.1 that only affects Firefox.
Summary:
In Firefox, the TrueNAS WebUI loses authentication whenever a new
browser document context is created (reload, new tab, URL re-open).
The only case that works reliably is duplicating the existing tab.
Environment:
Product: TrueNAS SCALE
Version: 25.10.1
Browser affected: Firefox (clean profile, no extensions)
Browser not affected: Chromium / Edge
OS tested: Windows and Linux (CachyOS VM)
Steps to reproduce:
Open Firefox
Open the TrueNAS WebUI
Log in successfully
Do one of the following:
Press F5
Re-enter the URL in the address bar
Result:
The user is logged out or ends up in a non-authenticated UI state.
Expected:
The session should remain valid as long as the session cookie is valid.
Important observations:
Duplicating the browser tab works reliably
Reloading or opening the URL normally does not
Session cookies are sent correctly (verified via HAR)
No explicit logout request
No obvious 401/403 responses
What was tested / ruled out:
Clean Firefox profile and installation
Private browsing window
Firefox on multiple operating systems
Cookies allowed
Tracking protection disabled
All Firefox site exceptions tested (cookies, pop-ups, redirects, content blocking) ā no effect
SameSite settings verified
Cache settings reset to defaults
No HTTPS interception or antivirus browser extensions
Hostname and IP tested
HAR files confirm cookies are present and sent correctly
Other web UIs are NOT affected:
Proxmox
OPNsense
Jellyfin
Portainer
Regular internet sites
This strongly suggests that in TrueNAS SCALE 25.10.x the WebUI
authentication is incorrectly bound to the SPA/WebSocket runtime
instead of being re-established from the session cookie on a cold page load.
Could someone with access to the bug reports please check on this and report back?
Is anyone even interested, or is this bug still being intentionally ignored?
Yes, but first there was not enough information about the tested environment, and the Jira ticket was marked as āClosed Without Changes.ā
It also seems that since no one is opening a new ticket or reopening the existing one, no one really cares.
That is why I created another topic with more information, hoping that someone will be able to open or reopen the bug report in Jira, because it is definitely not fixed at all.
I appreciate the enthusiasm, but if you look at the original ticket it was closed because there was no communication from the reporter for over a week after requesting a debug file and the closing comment even said it could be reopened if more information was provided.
There was nothing stopping that user from uploading a debug and restarting effort on that ticket or any other user from opening a new one, which appears to have already happened, since a fix to NAS-139491 was merged four days ago.
Yes I experience this on Firefox on Linux. Always been issue since using truenas for last year or so.
Was mentioned to be fixed in a recent release but has not changed for me. Even switching between different truenas can cause it to logout when returning to the tab sometimes.
Think it was in release notes for 25.10 was mentioned and was also touched on in the weekly vodcast on youtube. But I tested right away still occurred for me. As it still does. Yeah think I commented on the jira ticket at that time
I donāt see anything in the release notes for the 25.10 series about the firefox issue. There was a mention of Session expiry setting not working but that is a different issue. Listed in 25.10.2 release notes ixsystems.atlassian.net/browse/NAS-138467
The release notes state āFirefox users were logged out unexpectedly on page refresh, and tooltips and contextual popovers stopped working throughout the interface. Both issues are resolved.ā, but Iāve noticed no improvement across these browsers.
Except perhaps that thereās no āsession timeoutā popup any more when being logged by a page-refresh.
I just tested 150.0 (64-bit) Firefox on a fresh install of 26 Beta in a VirtualBox VM and I donāt have the issue upon hitting F5. I stayed logged in. I donāt recall if Safari was ever tested
Chrome Version 147.0.7727.102 (Official Build) (64-bit) is working fine on F5
Edge Version 147.0.3912.72 (Official build) (64-bit) is working fine on F5
Adding my system is Windows 11.
I just tested iOS with Safari and it works too. Same version of iOS as you.
Interesting! Thanks for testing again. Iām still seeing the behaviour, so now Iām wondering if thereās a setting that was migrated (or untouched) during the TrueNAS update to 26 Beta. I do remember applying an extended session timeout in 25, and I canāt see that option available now in 26 under āSystem > Advanced > Access > Configureā.
It looks like it moved. Click on your admin user on the upper right like you are going to log out. You should see Preferences option. You can use the search bar at the top of the GUI dashboard to help find items. I did a search for timeout
Cheers for that, seeing the setting now. My session timeout was set to 7200 seconds, and reducing it to the default 300 seconds made no improvement.
Iāve even tested from multiple domains, including: hostname.local, 192.168.x.x, hostname.tailnet.ts[dot]net, 100.x.x.x. All exhibit the same behaviour - refreshing the page redirects to login, and no auto-login triggers.
Can anybody else confirm? If not, I may just have to do a fresh install to see if it resolves my issue.
How did you end up on 26 Beta? I want to try to do an update to the Beta from a prior version using a VM and see if I can reproduce it before you do a clean install.