Streaming live at 10am (PST)

Current user gets logged out when the previously logged-in user opens the login page

We’ve been having this issue for quite a while in our team at work, where we are constantly getting logged out for no good reason. We finally managed to find an explanation and the steps to reproduce the issue, so here it is.

Here are those steps:

  1. User A logs into a Webflow account (ex.: my@email.com).
  2. User A closes Webflow without first clicking the Sign Out button in Webflow.
  3. User B logs into the same Webflow account (my@email.com)
  4. User A opens Webflow.com, and is redirected to the login form with a message saying he’s been logged out because someone else signed in to the same account.

Here is the issue:
When User A opens Webflow.com in step 4 and is redirected to the login form, even if he does not attempt to login, User B is also logged out automatically.


This might not seem like a major issue for some, but in a team with multiple members and multiple Webflow accounts, we constantly find ourselves getting logged out and losing some of the things we were working on.

I don’t know how the authentication system is set up, so I don’t know if this issue is much more complex than it really seems, but either way, I hope this can be resolved fairly quickly.

Thanks!

Hey @EmileP, you’ll have a better experience by looking at the team plan for Webflow. Your experience with multiple people logging into the same account is not an error but a feature implemented by most login systems (can’t have 2 or more people logged into the same account at the same time).

https://webflow.com/pricing#account and click on “Team Plans”

Lastly, keep in mind that if you plan to work on the same website at the same time via the “Designer” a team plan won’t matter as only one person can access a site at any given time.

Hi @flowpros,

We are on a team plan, and I understand the concept of not allowing two users to be logged in at the same time, but this is not the issue that I am pointing out. Please read the steps my original post carefully, and you will likely understand what the issue really is…

Here is an example of the issue being reproduced, maybe that will help:

@EmileP Thanks for providing the video. It further validates my point. Let me try to dig a little deeper to help.

In both instances, you’re logging into the davidp@…account. In the first step you login as davidp and then navigate to a team account that davidp has access to. At this stage, you feel like you’re in “THE” team account. Instead, you’re merely accessing that team as davidp…meaning, you’re still logged in as davidp. Then, when someone else attempts to login as davidp, it kills the original session.

An account needs to be created for each individual person.

Does that make sense?

@EmileP just one more quick note…notice how Patrick and Kim have access to the team account and were performing actions. They have their own account. Clearly “davidp” also has access to the team. So, whomever the 2nd person is that’s attempting to login as davidp at the same time as davidp needs to get their own individual Webflow account (free version) and then be added as a member of the team (paid team member).

@flowpros Thanks for your response.

We are currently set up with multiple accounts, all in the same team as you said. We have one account per designer in the agency. However, I feel like you have not grasped the root of the issue - perhaps my examples and explanations were too vague.

Here is a different example that might better illustrate the issue.
Just to make things clear, in the following scenario:

  • Designer A has his own Webflow account.
  • Designer B has his own Webflow account.

Designer A works on a shared computer in the workplace, on his own account. At the end of the day, he closes his browser and turns off the computer. The next day, Designer A starts working on a different computer. When Designer B opens the same shared computer and opens webflow.com, he will be redirected to the login page with a message saying that he has been logged out. This is the normal and expected behavior. However, when that happens, Designer A is ALSO logged out of his account on his own computer. If he was working on anything that isn’t saved automatically, like custom code or collection items, those changes will be lost.

No login attempt has been made, but the last used account on that computer will get logged out regardless.

It does not matter if Webflow was last used an hour or a week ago: the last used account is always logged out when you open Webflow and are redirected to the login screen.

Hi @EmileP, I can assure you, I am grasping the issue just fine. What’s happening is that when Designer B opens the machine the next day the session for Designer A is still present on that machine.
The solution to this is that Designer A needs to logout of his/her Webflow session before closing the browser.

However, to further explain…when Designer A, being already logged in on a different machine and having a still open session on Designer B’s computer (before Designer B logs in), Webflow immediately triggers a security alert and kills Designer A’s session (that they didn’t know still existed) on the first machine and subsequently the session they are actively on at the moment.

Simply have your Designers log out of the machine they are working on at the end of each day, if they are sharing machines. Otherwise, this security feature will continue to feel like a bug.

Lastly, I took a few minutes to describe the entire thing in video that may be helpful:

@flowpros Thanks for taking the time to record this detailed explanation in video form!

Apologies for the long back and forth, I just wanted to make sure we were talking about the same thing.

I understand your point now that all active sessions are killed, not just the first one, and that this is indeed a security feature that is working as intended. I will communicate this information to my team.

Have a nice day!

Good morning, @EmileP. It’s my pleasure. You have a nice day as well!

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.