Automatic logout

[justinwaltrip]

I've been self-hosting the application via docker compose and tailscale for a few weeks now and I love it. The one thing that keeps bothering me is automatic logout. Often times I will leave the application open while I am working. After some time, the UI will allow me to type in a prompt, but as soon as I hit enter, it will redirect me to the login page and my prompt will be lost. I'm not sure if there's a setting to change this behavior or if there's something wrong with my setup, but I'd also be happy to open an issue for this if it isn't already addressed. Please let me know! Thank you for your help.

Edit: I'm using Firefox browser on Linux

[danny-avila]

Yes this is a common grievance, it's been discussed a lot: #572

It's because we use a secure cookie setup, so if you're using a non-https connection, you will get logged out on refresh. You may be getting logged out of a message request due to low values for session expiry time as well.

You can look into the discussion linked above as well as the expiry values defined here:

https://www.librechat.ai/docs/configuration/authentication#session-expiry-and-refresh-token

Let me know if any of this helps you.

[danny-avila]

@MNLierman i linked 2 separate solutions.

Here is also a portainer setup: #3150 (comment)

[InventoCasa]

@MNLierman are you kidding me, how can you be so rude and disrespectful? This is an OPEN SOURCE project which you can use for FREE, so stop complaining, and instead start implementing the feature yourself and contributing it back to the project!

[MNLierman]

@MNLierman are you kidding me, how can you be so rude and disrespectful? This is an OPEN SOURCE project which you can use for FREE, so stop complaining, and instead start implementing the feature yourself and contributing it back to the project!

Not intending any disrespect
You might be right that I was brash; while sleep deprived, frustrated, and confused on what options could be available to me, my comment, which I've since deleted, voiced that level of frustration. However, I maintain that it is NEVER my intention to ever disrespect anyone. My writing style may not always be what a good Christian saint would consider super polite and positive, and part of that is my sleep deprivation from running multiple business and trying to gain traction in those. However, I would argue that someone voicing frustration, which, situation dependent, may not be super constructive, it doesn't out right mean that person is intending to be disrespectful. I do sincerely appreciate the significant amount of time and devotion a project like this takes. Many people have different ways of writing their thoughts or how they feel, it doesn't mean they were intending to be disrespectful.

NPM Dev mode - Not a great idea
That being said, many others have voiced quite a bit of frustration over this issue, so I'm not alone in this. The docs of LibeChat suggest that if one isn't desiring to setup HTTPS, to instead turn on NPM dev mode. This, honestly, is not a great solution, and according to NPM they advise against this. Here's why: By enabling dev mode, one is changing a lot more than how cookies are handled. According to NPM docs, dev mode is not intended to be used for anything other than active development, it's not only a security risk but it creates other issues.

NPM Dev mode - No automatic handling of crashes
“[nodemon] app crashed - waiting for file changes before starting...”
From the npm docs: “nodemon is a tool that helps develop Node.js based applications by automatically restarting the node application when file changes in the directory are detected.”
This is a big one that I discovered since enabling npm dev mode. If LibreChat crashes, it will not automatically recover and restart. Instead, it will log the above line. In another issue some time ago (don't think it was super recent) someone else asked about this, and someone else replied (not the dev) suggesting that this log entry meant that this was a file permissions issue. Not the case. Npm dev mode, I learned, is meant only for active development and as such, it's configured in the code (behavior cannot be changed) to not automatically recover from crashes and instead wait for a file change. It can be any change; reportedly. According to one person on Stack Exchange, even using touch would be enough to allow it to reboot (didn't test).

Google API Crashes
Further, since enabling npm dev mode, I've been experiencing crashes related to the Google API. I haven't brough tthis up or created an issue about it yet, because due to the work load, I haven't had an opportunity to investigate this and determine if, for some reason, this is related to my environment. I'm the type of person who rarely opens issues on GitHub without first going through my own troubleshooting processes, so that at the very least, I have information on avenues to resolve the issue.

Your suggestion on “just implement the feature yourself”
Easy for you to say, but that would require knowledge and skills far beyond what I have. I'm not naive in coding, but I'm also fairly new to the DevOps space. I know select languages specific to .NET for Windows, some web/CSS/PHP, and not a lot else. Creating an SSL certificate feature for LibreChat or better cookie handling feature http use on a local network is beyond my capabilities. If the dev, or anyone else is interested in developing the feature, I could offer what assistance I'm capable of, and I would actually suggest it may be better to package a lite version of Nginx with LibreChat, and then LibreChat offers to the user this option, including a command to generate the certificate. I also noticed that LibreChat uses default keys hard coded into the config files, and I would suggest that instead, upon initialization of the database and creating a user account, LibreChat generates keys and writes them to the config file, or creates a "env.d" style dir and writes a config file there. Using such default keys should be easily avoidable and should be generated when the account for the user is created.

Here's what I did instead / My solution
This is where my limited knowledge of npm and development really shows. I am unsure if there is a better method, but essentially my goal is to keep LibreChat logged in on refresh, logout after a couple of hours – thus protecting my data, and auto-restart on crash – I'm not actively developing on LibreChat and have no use for the nodeamon file change watching feature.

Allowing auto-restart on crash:
As I mentioned above, backend:dev isn't the greatest idea, but NPM has certain behaviors with https and http. So to workaround this, we use dev, but then LC won't restart on error/crash and requires manual restart – which is different in production where it will restart on error. To get this same restart behavior to keep the app up in case of error, we have to get rid of the nodemon that NPM uses.

Also, because NPM actively will block certain commands in the command field of the docker-compose file, as my experience has shown, and they attempt to avoid using the package.json modifications you might make, I have to come up with a creative way of getting that changed file inside the container. First,
change backend:dev line in package.json to: "backend:dev": "cross-env NODE_ENV=development node api/server/index.js", in packaage.json. Then copy it to the logs folder. Then, change your Docker-Compose file's command to this:

      command: >
      sh -c "echo 'cp -f -v /app/api/logs/package.json /app/package.json && npm run backend:dev' > /tmp/dockercmd.sh && chmod +x /tmp/dockercmd.sh && sh /tmp/dockercmd.sh"

Now it will use the new backend:dev command we defined without nodemon which will allow it to restart on app crash.

Making LibreChat logout after 4 hours by changing .env:
SESSION_EXPIRY=1000 * 60 * 240
REFRESH_TOKEN_EXPIRY=1000 * 60 * 240

Another solution:
As NPM developers say that the automatic logout session expiration cookie handling is a feature intended to protect the security of a production app, one could spin up a Caddy or Nginx Proxy Manager image and create a self-signed SSL cert, and attach it to the proxy config you make for LibreChat:

openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout private.key -out certificate.crt -subj "CN=localhost" -addext "subjectAltName=DNS:localhost,DNS:server.lan,IP:192.168.1.100,IP:2001:db8::1"

This creates a 5 year self-generated SSL cert with the subject alt names of your server, so that no matter how you decide to access it, whether by name, IPv4, or IPv6, you won't have an NPM issue. It's important to say, I haven't done this yet, I've only looked up the best way to go about this as recommended by NPM devs themselves.

– Mike

[davecrab]

If you use the tailscale serve command you can create an easy reverse proxy to setup a https port for it to get around that. I found it easier than any of the other reverse proxy options

[vmajor]

...I feel like I am on StackOverflow. Anyway, I too do not want to appear rude and the project appears to be working really well for many, and it is certainly feature rich, but it is taking me longer trying to figure out how to make it work for me than writing my own GUI focused on my own needs - a UI for local LLM with MCP support. I'll redirect my energy back to that. I almost have the async loop issue sorted out (injecting MCP output into the response).

[MNLierman]

It depends on what you're trying to accomplish. My posts can be a bit wordy, and I was trying to address a specific problem, but generally, the dev is right, the best way to avoid this auto logout / timeout issue in the first place is to setup any type of HTTPS certificates, such as through Nginx Proxy Manager or even Cloudflared, which are dead simple to setup. I personally, didn't want to do any of that just yet, and that's how I landed on the solution that I provided. I will say though, that LibreChat is running solid for me since the changes I've made. Now that I have had an extended amount of time with LibreChat, it's quite awesome, it's extensible, though I haven't quite figured out how to extend it to AI APIs outside of what the dev has already documented – but this is more so because I have been busy haven't gotten a chance to follow the doc on endpoints, but several people here have provided example code for endpoints they've set up.

If you have any questions, I'd be happy to provide whatever answers I have, tho I'm no expert in LibreChat, but when I was first setting it up, I believe I felt a little bit how you are right now where I was debating if this was too complicated and/or too time consuming for my needs. I'm happy I stuck with it, it's a great AI solution.

[vmajor]

@MNLierman I have one off-topic question, I cannot get my custom endpoint to be seen by the latest Libre Chat and I am afraid to ask. I simply do not have the required patience or desire or willpower to read through the documentation and several config files and try to understand why am I only seeing OpenAI models when all of them are commented out/deleted in all the config files.

I have this in librechat.yaml and it is entirely ignored:

endpoints:
  custom:
    - name: "llama-server"
      apiKey: "1234"
      baseURL: "http://host.docker.internal:8080/v1"
      models:
        default: ["QwQ-32B"]
        fetch: true   
      titleConvo: true
      titleModel: "QwQ-32B"
      summarize: false
      summaryModel: "QwQ-32B"
      forcePrompt: false
      modelDisplayLabel: "QwQ-32B"

[fuegovic]

@vmajor

• Make sure you've set up the override, see: Custom Endpoints
• Validate your file: https://yamlchecker.com/
• Don't forget to include the version at the top of the config:

version: 1.2.1
cache: true

endpoints:
  custom:
    - name: "llama-server"
      apiKey: "1234"
      baseURL: "http://host.docker.internal:8080/v1"
      models:
        default: ["QwQ-32B"]
        fetch: true   
      titleConvo: true
      titleModel: "QwQ-32B"
      summarize: false
      summaryModel: "QwQ-32B"
      forcePrompt: false
      modelDisplayLabel: "QwQ-32B"

• Use docker compose down followed by docker compose up to apply the changes
• Check your logs for more details if needed

[vmajor]

Thank you for the speedy reply. I got it to see 'llama-server' by incorporating overrides directly into 'docker-compose.yml'

but there appears to be a fundamental incompatibility between the OG local LLM server, llama.cpp and llama-server that I do not remember how I navigated when I ran R1 with LibreChat, or something fundamental changed since.

when I include:

models:
        default: ["QwQ-32B"]
        fetch: false  

llama-server never receives a request, but LibreChat complains with the following:

LibreChat         | 2025-03-11 03:32:30 warn: [OpenAIClient.chatCompletion][stream] API error
LibreChat         | 2025-03-11 03:32:30 error: 
LibreChat         | 2025-03-11 03:32:30 error: [handleAbortError] AI response error; aborting request: Connection error.

yaml is valid.

LibreChat refuses to talk to llama-server on both the endpoints:

http://localhost:8080/v1
http://localhost:8080/v1/completions

and gives me this error instead:

LibreChat         | 2025-03-11 03:32:30 warn: [OpenAIClient.chatCompletion][stream] API error
LibreChat         | 2025-03-11 03:32:30 error: 
LibreChat         | 2025-03-11 03:32:30 error: [handleAbortError] AI response error; aborting request: Connection error.

To me it looks like a routing error so I think I will not point it to the host URL, but docker proxy URL and see what happens.

[vmajor]

yea, instructions are wrong somewhere, or something changed, or I am just stupid in any case I wasted my entire morning getting to this stage. I hope it helps others who want to run their local custom quant models on apple silicon, or llama-server in general.

# Configuration version (required)
version: 1.2.1

# Cache settings: Set to true to enable caching
cache: true


# Definition of custom endpoints
endpoints:
  custom:      
    - name: "llama-server"   
      apiKey: "1234"
      baseURL: "http://host.docker.internal:8080/v1"
      models:
        default: ["QwQ-32B-Q6_K.gguf"]
        fetch: false
      titleConvo: true
      titleModel: "QwQ-32B-Q6_K.gguf"
      summarize: false
      summaryModel: "QwQ-32B-Q6_K.gguf"
      forcePrompt: false
      modelDisplayLabel: "QwQ-32B"

[sesch29]

Very long discussion. What is the shortest way, of configuring/using LibreChat locally via docker without getting kicked out after 15min? I guess many users (as I do) need a short copy/paste solution for that. There was one in the documentation, but after my latest update (after some months) it isn't working anymore and I don't find anything similiar in the current documentation.

tl;dr: Plz, provide a short copy/paste solution for docker-compose, to prevent loosing the session.

[stdeson]

Here is a simple solution, you can edit your docker-compose.override.yml file based on the example:

services:
  api:
    environment:
      - NODE_ENV=development  # Allow cookies to be transmitted over HTTP, avoiding login issues due to missing cookies
    volumes:
      - type: bind
        source: ./librechat.yaml
        target: /app/librechat.yaml
    command: node api/server/index.js  # Directly start with node instead of using npm run backend

Then run docker compose down and docker compose up -d