I have a random issue with HA web login. I have set my HA instance to be accessible from the Internet with SSL certs. It works well for the most part.
The issue pops up with Firefox when my computer sleeps and / or switches networks. I get an error showing the HA UI with an error stating that HA cannot be reached. Console shows the following error
Firefox can’t establish a connection to the server at wss://myhadomain.com
Clearing the browser cache solves the issue (but logs me out).
After logging in again, HA shows the following error in the notification system:
Login attempt or request with invalid authentication from 126.96.36.199
Where the IP address is the external address of the network I’m using for my laptop.
Other devices (mobile, other browsers etc. work as expected, so it doesn’t appear to be a network issue.
I suspect some weirdness in the browser cache, but can’t put my dinger on it.
HA Core is latest 0.105.2 on Home Assistant (Hass.io), with HassOS version 3.9.
Firefox 72.0.2 on OSX. I have not had the same issue on Android or Linux fwiw.
It’s generally not advised to put your dinger on it.
Are you always pointing to your external ip address for HA? Or are you connecting via the LAN ip address from inside the network?
Is HA generating a new Long Lived Access Token each time this happens? Log into your home assistant, click your username on the bottom left and scroll down to Long Lived Tokens. Browsers that you click ‘remember me’ will get a new access token. There will be one for each browser you have done this on, each with their own client id.
You could check your Cookies settings in Firefox. If they are all blocked, add an exception for your domain. It could just not be storing the session info? Just thinking out loud and making things up honestly…
Thanks for your reply! The difficulty is that the problem is intermittent, so likely the issue is not a pure cookie setting.
Your comment did give me an idea though, I should probably look at what sort of cookies are generated normally, when things work (Probably the LLA-token should be present there?) and when things don’t work, which should point me towards the issue.
Please do share any other thoughts you may have!