Persistence of user login credentials

[shininghero]

Currently user credentials do not have any caching or storage applied to them. As a result, when the app is closed, either through user action or the OS closing it to make room in memory, credentials are lost and need to be reentered into the app.

This is somewhat annoying, especially if the password is 32 chars long and intended to be auto-typed by the password vault instead of the user.

[Nutcake]

This shouldn't happen, user credentials are definitely cached. What device do you run and what's your OS version?

[shininghero]

I'm running Android 11 on a Pixel 5.

[shininghero]

After some further poking on my end (and also a long overdue OS update), I think I found the cause. It's partly work firewall related.

Most firewalls halt outbound stuff by intercepting and replying with TCP reset packets. ReCon is seeing this, but handling it the same way as an incorrect password.

To reproduce:

• Login via LTE or other unfirewalled network
• Close app via swipe or other method
• Switch to firewalled network that blocks calls to api.resonite.com
• Reopen ReCon

Granted, most people don't deal with corporate firewalls, but this may happen on coffee shop networks (Starbucks, Dunkin, etc.) if Recon connects before the user finishes with the captive portal. I've got lunch in 30 minutes, and can test this.

[shininghero]

Testing completed at my local Dunkin. Results are inconclusive.
Their captive portal is misconfigured and not properly blocking/intercepting traffic prior to sign-in.

[Krzeszny]

In my case, the app only asks me to log in when I open it without an internet connection. But I can restart it while connected and it doesn't ask for credentials again.