Brave confused about account when logging in to Gmail

The previous bug I described here and here (and in GitHub) was ignored by the Brave team, but it doesn’t seem to stop there: now, I frequently get some sort of ID confusion when I log in.

Steps to reproduce:

  • Open the Gmail login page
  • Choose an account
  • I’m expecting to see the password form
  • Instead, I get a form asking me my account email
  • I also get mobile notifications that someone has tried to log into my Gmail account, so Gmail thinks I used another browser to log in

It’s been happening on a daily basis for a while, in the latest versions of Brave (currently Brave 1.84.141 (Official Build) (64-bit)). The OS is Windows; I haven’t checked on Linux this time.

So it seems that the information it takes from the cookies is corrupted again, but this time from another angle.

Reloading the login page works around the problem, like before, but as long as this problem isn’t solved at the core, those problems will keep cropping up.

I’m expecting the same sort of response as before, but at least I’ll have reported the bug.

Did you mark the solution on that or was it Steeven that marked it? Regardless, that seemed like it was indicated to be a cookie issue. And as you kind of alluded to, this isn’t something other people are reporting which makes it seem isolated.

If it’s just you and nobody else is replicating the problem, there’s not much for anyone to do. It’s pretty much having to figure out what’s different on your device and/or account.

Challenge here is the possible relation to https://github.com/brave/brave-browser/issues/50411 and https://github.com/brave/brave-browser/issues/49300 but yours is presenting differently.

I promise I read everything, but I also absorbed a lot of other details on other issues. And I don’t feel like trying to reference back to each link now. So forgive me if I relist anything you already reported, but just off the top of my head here:

  • Have you tried pulling histograms? I was just skimming through your GitHub and wasn’t seeing any types of logs or anything.

  • Ever try on Brave Beta or Brave Nightly?

  • Did you try on new browser profiles? (clean profiles, no extensions or settings changes)

  • Shields down make any difference?

  • Have you ever changed anything in brave://flags?

  • Using any proxy or VPN?


I’m also noticing various reports from people on different browsers, especially those trying to automate logins for testing and development purposes. Some of the articles I read had people say that making sure to always enable 2FA resolved it for them.

I just wish I knew what was set up differently on your devices or network where you might be experiencing the problem more than others. And in different ways than even those other problems that were brought up before.

Let me add in @steeven since he was trying to help before, but also @Mattches as he’s the primary Browser Support person. Just keep in mind likely won’t hear back until next week.

I forgot to mention that I also get mobile notifications that someone has tried to log into my Gmail account, so Gmail thinks I used another browser to log in (this cookie problem again?)

I marked it as solved because it changed form / stopped happening again (besides, it was obviously pointless). What’s remarkable is the symptoms or the nature of the bug shifting with time:

  • I first reported the “Couldn’t sign you in” (1) bug in June
  • when the bug “Gmail has logged me out” (2) appeared for me in August/September, and until it was fixed, I never experienced bug (1) any more
  • after (2) was fixed mid-September, bug (1) reappeared
  • recently in November, bug (1) stopped again, exactly when this new bug “identity lost” / “new browser detected” (3) started to appear

I doubt I’m the only one who has those problems, since it’s occurring on several PCs, several OSes, several places, several accounts. A few responded both here and on GitHub, but, in general, most users don’t bother reporting bugs unless it’s really blocking.

Maybe a difference is the multiple accounts: I have 3, sometimes 4 Gmail accounts at the same time for separate things. It’s supported by Gmail, not a problem for other browsers like Firefox or Chrome, and used to work well on Brave too.

Thanks for your suggestions. If there are specific logs or data that would help identify the problem, I’d be glad to provide them.

Some answers / further details:

  • What histograms?
  • I’m not using nightly or beta, only the “stable” version. It’s been ongoing for months, so several versions have been passing by.
  • I haven’t tried new profiles on the same system, but I have the same problem with a fresh installation of Brave on Linux or another system, so we could say it’s more than just a new profile.
  • I tried without shields, but it doesn’t change anything.
  • I haven’t tried to change brave://flags to fix/test
  • I’m not using a proxy or a VPN (at least when this occurs)

Rather than making one very long reply, let me break this up into separate replies. Here’s the first bit…

I honestly am wondering if it might be some different issues that just happened to occur. Such as the one being the change that was made by Google and that Brave had to adapt to, where boundsessionstorage was expiring. Then when that resolved you saw improvements, but then other issue popped up again.

This type of thing happens on occasion when updates are done. Basically with Brave’s fingerprint protections and then OS or browser update, it can cause websites to see “too many differences” and decide that maybe we’re using a different device.

I have had websites where I check the boxes to keep me logged in forever, but they’ll tend to have the cookie expire every few updates or so. And when I log in, it will maybe make me go through their 2FA. On browsers like Chrome where no fingerprint protection is in place, this issue never happens.

So this might be the usual bit from the fingerprinting being blocked, but then perhaps still experiencing an issue where Google is getting you logged out.

Right, because that issue was due to some backend changes made by Google or Chromium, I forget which or if both. They got this fixed for Windows at least. So this problem went away, but then kind of shifted to your other one.

These two go together. Histograms is brave://histograms. It provides some details that can help figure out specific types of issues. In the prior situation, they were using it to check what’s happening when people were getting logged out. I’ll do two quotes as bullet points below:

  • and on logout issue please look into brave://histograms/Net.DeviceBoundSessions histograms. If there’s Net.DeviceBoundSessions.DeletionReason, would be nice to see it. If possible, you can dump all found histograms from this page, maybe something will highlight the issue.
  • Pls make sure to look into both of these histogram pages the moment logout happened (histograms are cleared on restart).
brave://histograms/Signin.BoundSessionCredentials
brave://histograms/Net.DeviceBoundSessions

So you’ll see their instructions were having you go to more specific areas of histograms the moment you get logged out, if you’re in the same session. If you had exited or restarted the browser, the information would be gone.

Also to note, there is still an open issue here where some had been reporting, but it’s primarily Linux. Those on Windows ended up saying the issue went away, sometimes after clearing all cookies or just by switching browser profiles.

The idea here is to get you to install and use them to see if the issue happens on them as well. They are their own installations of Brave that don’t touch the others. And they are future versions making their way. By checking if it happens on those, it helps narrow down if it’s version specific. Or at least paints a clearer picture about what might be happening.

This can be good to do. I understand you’re experiencing this on different devices. But let me ask, are you syncing them? Or running all the same extensions? If so, that would be problematic.

The idea of testing with a new (fresh) profile is that the majority of settings are back to default and there are no extensions. So if it’s an extension, bad setting, or some corruption of the main profile but otherwise things work well, then the new browser profile should work well. Again, this is just a way to help narrow down the potential issues by ruling out some things in particular.

So overall not talking about needing to change anything, but more about asking if you have already. Is it all on default or have you changed anything in there? Again, just confirming that nothing was changed that could impact anything.

But if they are seeing a new IP address in combination with other minor device changes, it could be logging you out because of suspicious activity on their end. They don’t know if someone was trying to hijack your session login or whatever else.

You can find articles from people all over the place for many years that kind of point to the headache of Google getting them logged out while using VPN, such as this one from 2019. I found others but when I was trying to pull links, I’m getting a lot of junk articles, so just going to stop there. You can try to look for some if you want, but otherwise I guess it’s a “trust me bro” moment, lol.

Anyway, this again was just trying to look if there had been VPN usage on those Google accounts or devices, even if not in the exact moment.

I need to iterate the extensions question. There’s got to be a common factor since it persists the way you are insisting.

What extensions do you have installed? I do understand you’re not using a VPN which was one of the questions I was going to ask. But I suspect an extension is causing something.

(Likewise, while I have it enabled here and am not running into issues, I also don’t run into really any of the issues others run into with this one setting on, but is Fingerprint Protection enabled?)

I’m not syncing them, and I’m not using any extension. Well, right now I’m using extensions only on Windows, but I’m disabling them when I see a bug to rule that out, and I’ve never installed any extension when I did tests on Linux or on another Windows laptop: those were fresh and standard installations.

To be frank, I don’t even see a menu to switch/remove/sync profiles. All I can see is “Profile name and icon”, but that’s cosmetic.

Same for shields: I don’t see any menu to show where it’s currently disabled. I see that part of the Shields settings are hidden under “Privacy and security”, instead of being under “Shields” as one would expect. There’s a “Sites listed below follow a custom setting”, but when I exclude a site like Gmail, it doesn’t show below; that list is always empty (so this seems bugged as well). I’m pretty sure I saw a list of disabled URLs somewhere, but I can’t seem to be able to stumble on it any more.

Brave’s confusing menus don’t always help when there are problems…

My two main leads are the multiple accounts and one suspicious setting I just saw was ON: Extensions / Allow Google login for extensions. I’ll switch that off and see if that makes any difference.

I have that sometimes on the first account I log in, so others should have that problem, too. Unfortunately, too few people bother to report those things.

Anyway, for whatever good it will do.