Android app version 1.4.18 requests login credentials too often

Peter_Kara · April 12, 2024, 1:46am

On April 8 2024 I received an update to dynalist app on my android phone (pixel 6 with aprilsecurity update). Viewing the app version, it says 1.4.18.
Since then it asks for login credentials too often
Steps to reproduce:

Open dynalist app (prompted for login)
Clear dynalist app from memory (by pressing recents button, then swiping up on dynalist) (*)
Open dynalist app again (prompted for login AGAIN)

(*) Note even if I didn’t manually clear the app from memory, android would do it automatically when it needs memory. So the manual step 2 is not necessarily a prerequisite to the problem recurring again and again during routine usage of the phone.

Jayden_Navarro · April 10, 2024, 9:06am

Happening to me as well. I’m using the web app in the meantime until this is fixed. Hopefully it gets resolved soon.

PeteC · April 10, 2024, 5:43pm

Same with me but it doesn’t even seem to need to be removed from memory to require login. If I start by tapping the icon it always wants login again and sometimes does even when I select it from the running app list.

Totally unusable it its present form.

Jayden_Navarro · April 10, 2024, 9:08pm

I tried downgrading to 1.4.17 (from 2022) and it has the same issue, so it’s possible something has changed server-side that’s impacting the mobile app.

Shida · April 10, 2024, 9:09pm

That’s weird. I haven’t touched the server code in a while so that shouldn’t be an issue.

Could you guys try completely uninstalling and reinstalling?

Jayden_Navarro · April 10, 2024, 9:52pm

I’ve tried fully uninstalling, restarting my phone, then reinstalling, and the issue remains.

Shida · April 10, 2024, 11:37pm

Ok I was able to reproduce this problem after relogging on my dev app - this is a new Android OS bug where the cookies only gets saved after 30s.

Once you login, keep the app open for over 30 seconds and that should properly save the cookies. From there on the subsequent restarts shouldn’t have this issue.

@Jayden_Navarro Since you say this also happens in the older version from 2022, this must have been happening for a while already. I guess somehow the update forced a re-log for this user which is now running into it.

Let me know if you guys are able to work around this by waiting 30 seconds.

Jayden_Navarro · April 11, 2024, 4:16am

@Shida I tried keeping the app open for multiple minutes after logging in but the issue is still happening.

Jayden_Navarro · April 11, 2024, 5:00am

The “wait for 30s” trick seems to work for 1.4.17, but on the most recent code version it doesn’t.

Arty · April 11, 2024, 7:13am

I experienced similar issues after updating to 1.4.18, but after reverting back to the previous version, 1.4.17, everything started working properly again. So, it’s definitely related to the changes in the latest version.

Jayden_Navarro · April 11, 2024, 7:48am

1.4.17 just logged me out again. I have no idea how to consistently avoid this on either app version.

Jayden_Navarro · April 11, 2024, 8:14am

I was mistaken. The Play Store updated my sideloaded app from 1.4.17 to 1.4.18, which caused the issue to recur. So similar to @Arty, the app is working properly on 1.4.17 (though I did have to wait for 30s for the cookie to save, if I closed it earlier it wouldn’t keep me logged in even on 1.4.17).

I’ve disabled auto-updating for the Dynalist app, so hopefully it doesn’t break again in the near future.

Shida · April 11, 2024, 12:42pm

The latest version has no code change at all, and I’ve only bumped the target SDK to 33 as required by the play store to keep the app available, so I’m looking into potential target SDK upgrade issues today.

Shida · April 11, 2024, 1:14pm

This is now fixed with a server-side change. The issue was that our server is using an old framework that didn’t support the new “SameSite” attribute and the Android app loads its code locally from within the app. Android 12 (SDK 31 and above) mandated the use of SameSite for cookies which meant that our login cookies were dropped since it’s loaded from a different domain (dynalist.io) than the app’s local code.

I’ve added the SameSite cookie attribute and this seems to have fixed the login issue for me on the latest app version - can someone confirm?

(Remember to keep the app open for 30s after, that bug is in the app!)

Shida · April 11, 2024, 1:16pm

I have a separate fix for the 30s wait issue that I will release in the next play store update.

Jayden_Navarro · April 11, 2024, 1:39pm

Can confirm it’s now keeping me logged in on version 1.4.18. Thanks for fixing!

Shida · April 11, 2024, 2:03pm

Perfect, thanks for your help testing. I will push out an update soon to remove the need for the 30s wait.

Peter_Kara · April 12, 2024, 1:48am

Yes, fixed for me too as long as app was open for 30 seconds after initial login before I clear it from memory. Once I’ve done that initial login for more than 30 seconds then everything works fine even if I open app for less than 30 seconds in later sessions.

By the way that was very fast response. It’s a great app and I appreciate the good work you do.
Thanks!!

PeteC · April 12, 2024, 7:55am

Fixed for me too. Many thanks to @Shida for the rapid respose.