Prevent Automatic Logout Over HTTP
May 16, 2024

Prevent Automatic Logout Over HTTP

In this blog post, we'll explore the cause of this problem and provide a step-by-step guide to fix it.


Prevent Automatic Logout Over HTTP

Introduction

If you’re running a LibreChat instance on your local network and find yourself being asked to log in every time you refresh the page, you’re not alone. This issue can be frustrating, but fortunately, there’s a solution. In this blog post, we’ll explore the cause of this problem and provide a step-by-step guide to fix it.

The Cause

When you run the LibreChat server, the cookies are set to “secure” by default in the “production” mode. This security measure is intended to protect user sessions and prevent unauthorized access. However, when accessing the instance on a local network without using localhost or HTTPS, this setting can cause the login prompt to appear on every page refresh.

The Solution

To resolve this issue, we need to override the default configuration and set the appropriate environment for the API service. Here’s how you can do it:

  1. If you’re using Docker to run LibreChat, create a new file named docker-compose.override.yml in the same directory as your docker-compose.yml file (If you don’t already have one!).

  2. Open the docker-compose.override.yml file and add the following content:

docker-compose.override.yml
services:
  api:
    command: npm run backend:dev
🔥
Learn more about the docker-compose.override.yml file

Please consult Docker Override to learn more

  1. Save the file.

  2. Restart your LibreChat instance using the docker compose up -d command.

Conclusion

By adding this override configuration, we’re instructing the API service to run in development mode, which disables the secure cookie setting. This allows users to stay logged in even when refreshing the page on a local network.

It’s important to note that directly modifying the NODE_ENV variable in the package.json file or providing it through the .env or docker-compose.yml files may not be effective in this case. The override configuration ensures that the appropriate command is executed for the API service.