[Question]: Require login every time refresh

[SailFlorve]

Contact Details

No response

What is your question?

why every time I refresh the web, login required? what should I config?

More Details

and if there is any way to disable user auth system?

What is the main subject of your question?

User System/OAuth

Screenshots

No response

Code of Conduct

• I agree to follow this project's Code of Conduct

[danny-avila]

why every time I refresh the web, login required? what should I config?

This is not the behavior of the app. It's probably due to your cookie handling on your browser.

and if there is any way to disable user auth system?

Yes, you can disable user registration once you are signed up. You can't disable the authentication system altogether: https://docs.librechat.ai/features/user_auth_system.html#disable-user-registration

[SailFlorve]

this should not be the case. I deployed using Docker, but when accessing via IP, it does require a login every time. This was the case even before the SESSION_EXPIRYfields were implemented, and they work fine with https. so it’s not related to them. I’m not sure what the reason is.

[danny-avila]

yes I'm not sure, I can't reproduce and I almost exclusively use localhost (http)

[anes300]

My apologies, I wasn't specific enough. This only happens if I try to connect to the application from another client and not when doing it on localhost. It seems like it's not saving the JWT token on the client. I have indeed setup the SESSION_EXPIRY and REFRESH_TOKEN_EXPIRY to the default values according to the .env.example.

[SailFlorve]

Yeah. It happens when remote client access by IP, not localhost.

[fuegovic]

Yeah. It happens when remote client access by IP, not localhost.

I don't know how to fix it but I was able to reproduce

I host LibreChat on a home server on my local network

• if I access LibreChat through the url https://example.com everything works as expected
• if I access LibreChat through the server local network address http://192.168.xx.xx:3080/ I need to re-login evvery time I refresh the page

[danny-avila]

I know what's going on now after thinking about this more. It's related to this: #471

@fuegovic @anes300 @SailFlorve

The cookies are set to secure in "production" mode, which is the default when you run the server. According to expressjs docs:

secure - Ensures the browser only sends the cookie over HTTPS.

I forget this because they are still sent in a localhost environment. Without cookies, you need to login every time.

After I merge this PR, you can run the cookies in the insecure mode by running npm run backend:dev to start the app. For docker, you change the NODE_ENV in the compose file to development

Related PR: #1088

Please confirm this works

[davecrab]

I'm having this same issue, I've set the NODE_ENV=development in both the .env and docker-compose.override files and rebuilt the image but still getting the same issue. Any ideas?

I'm just accessing this locally on my network via http via safari. Happens both on iOS and Mac

[danny-avila]

via http

you should access it via HTTPS.

NODE_ENV

If you are sure about running in the insecure mode which can expose you to many vulnerabilities, it should be NODE_ENV=CI

[davecrab]

Ok I'll look at setting up https with caddy, thanks for the response!

[itoudium]

Hello. I also encountered the same problem but was able to resolve it.
I am using docker-compose to expose it on my home local network.
It turns out that specifying NODE_ENV was not effective because it is directly defined in package.json, rather than being provided in .env or docker-compose.yml. Instead, I found a workaround by merging the following content into docker-compose.override.yml:

services:
  api:
    command: npm run backend:dev

Thank you for the wonderful product.

[snab43]

Hello. I also encountered the same problem but was able to resolve it. I am using docker-compose to expose it on my home local network. It turns out that specifying NODE_ENV was not effective because it is directly defined in package.json, rather than being provided in .env or docker-compose.yml. Instead, I found a workaround by merging the following content into docker-compose.override.yml:

services:
  api:
    command: npm run backend:dev

Thank you for the wonderful product.

Having the OP issue on my Unraid server using docker. Does anyone know how to apply the above fix in Unraid?

[fuegovic]

It depends on how you deployed using unraid, if you used portainer in unraid you can easily modify the compose file directly in portainer to add this. If you used to the community app, I'm not certain.

[snab43]

I did use a community app, yeah. No worries! Hopefully someone comes across this and knows.

[dadaclonefly]

@snab43
Did you ever figure this out? I'm having the same issue in Unraid using the community app version

[freddong]

npm run backend:dev stopped working.

I have to use

    command: node api/server/index.js

with

    environment:
      - NODE_ENV=development

[danny-avila]

What web app keeps you logged in forever? On localhost you're not going to have refresh token handling, and the ways around it are insecure and not good practice

[svatyvabin]

It works, edit docker-compose.override.yml file , add code blow for api service:

    command: node api/server/index.js
    environment:
      - NODE_ENV=development

the npm run backend:dev command or .env file NODE_ENV=development both not work.

[ghost]

You can simply setup Nginx as reverse proxy and create self signed certiciates. This will work no matter what and is independent if you run LC via docker or npm.

[danny-avila]

Agreed! Also worth mentioning Ngrok for the less technical. It's also great for development.

[rhonyabdullah]

I still having this issue, I'm running on docker for my local machine so I don't care anything, at this moment I just want it keeps logged in if I close my tab or refresh the browser. Here is my current config which not working:

docker-compose.override.yml

services:
  # USE LIBRECHAT CONFIG FILE
  api:
    command: npm run backend:dev
    environment:
      - NODE_ENV=development
    volumes:
      - type: bind
        source: ./librechat.yaml
        target: /app/librechat.yaml

.env

#==================================================#
#                      Others                      #
#==================================================#
#   You should leave the following commented out   #

NODE_ENV=development

# E2E_USER_EMAIL=
# E2E_USER_PASSWORD=

Any help would be appreciated, thanks in advance.

Why I need this refresh ?
: Because currently I'm heavily testing multiple models pulling and removing on the models. Testing those models requires a refresh each time I'm changing the model array (models : default: [ ... ] ) on librechat.yaml

[danny-avila]

This matches what has already been discussed, but whether it takes depend on what commands you are running, and if you are properly cycling down the containers after these changes.

That said, what commands are you running?

[rhonyabdullah]

I didn't notice the command, was just using the restart button from docker desktop

Surprisingly it works now when I'm using docker compose up from terminal and I see this log [nodemon] starting node api/server/index.js

Now refreshing the browser doesn't take me to login screen.

Thanks for your insight @danny-avila !