On April 8 2024 I received an update to dynalist app on my android phone (pixel 6 with aprilsecurity update). Viewing the app version, it says 1.4.18.
Since then it asks for login credentials too often
Steps to reproduce:
Open dynalist app (prompted for login)
Clear dynalist app from memory (by pressing recents button, then swiping up on dynalist) (*)
Open dynalist app again (prompted for login AGAIN)
(*) Note even if I didnāt manually clear the app from memory, android would do it automatically when it needs memory. So the manual step 2 is not necessarily a prerequisite to the problem recurring again and again during routine usage of the phone.
Same with me but it doesnāt even seem to need to be removed from memory to require login. If I start by tapping the icon it always wants login again and sometimes does even when I select it from the running app list.
I tried downgrading to 1.4.17 (from 2022) and it has the same issue, so itās possible something has changed server-side thatās impacting the mobile app.
Ok I was able to reproduce this problem after relogging on my dev app - this is a new Android OS bug where the cookies only gets saved after 30s.
Once you login, keep the app open for over 30 seconds and that should properly save the cookies. From there on the subsequent restarts shouldnāt have this issue.
@Jayden_Navarro Since you say this also happens in the older version from 2022, this must have been happening for a while already. I guess somehow the update forced a re-log for this user which is now running into it.
Let me know if you guys are able to work around this by waiting 30 seconds.
I experienced similar issues after updating to 1.4.18, but after reverting back to the previous version, 1.4.17, everything started working properly again. So, itās definitely related to the changes in the latest version.
I was mistaken. The Play Store updated my sideloaded app from 1.4.17 to 1.4.18, which caused the issue to recur. So similar to @Arty, the app is working properly on 1.4.17 (though I did have to wait for 30s for the cookie to save, if I closed it earlier it wouldnāt keep me logged in even on 1.4.17).
Iāve disabled auto-updating for the Dynalist app, so hopefully it doesnāt break again in the near future.
The latest version has no code change at all, and Iāve only bumped the target SDK to 33 as required by the play store to keep the app available, so Iām looking into potential target SDK upgrade issues today.
This is now fixed with a server-side change. The issue was that our server is using an old framework that didnāt support the new āSameSiteā attribute and the Android app loads its code locally from within the app. Android 12 (SDK 31 and above) mandated the use of SameSite for cookies which meant that our login cookies were dropped since itās loaded from a different domain (dynalist.io) than the appās local code.
Iāve added the SameSite cookie attribute and this seems to have fixed the login issue for me on the latest app version - can someone confirm?
(Remember to keep the app open for 30s after, that bug is in the app!)
Yes, fixed for me too as long as app was open for 30 seconds after initial login before I clear it from memory. Once Iāve done that initial login for more than 30 seconds then everything works fine even if I open app for less than 30 seconds in later sessions.
By the way that was very fast response. Itās a great app and I appreciate the good work you do.
Thanks!!