2FA Failing for Users + No Session Timeout in Retool Cloud (Business Plan)

Current plan level: Business
Monthly/Annual: Annual
Version of Retool: Cloud

Question / Issue

We're seeing two potentially related issues with 2FA and session management in Retool Cloud:

1. Frequent 2FA failures

About once a week, I have to reset 2FA for a user because their code from the authenticator app is rejected.

  • I've verified they're using the correct code.
  • This issue affects users across different authenticator apps (e.g., Microsoft Authenticator, Okta Verify) and device types (iOS, Android), so it doesn’t seem isolated to a specific platform.

2. Session doesn't expire

On the flip side, I personally haven't been prompted to log in to Retool in over 2 months — despite using it daily.

  • Based on Retool's self-hosted docs, the max session length is supposed to be 1 week.
  • I can’t find a similar doc for Retool Cloud, but I’d expect some session timeout for security.

Why I’m posting

These issues make me think there might be something off on Retool’s end with 2FA or session management.

Has anyone else experienced this?
Any ideas on:

  • Why 2FA codes might stop working?
  • Whether max session limits are actually enforced on Retool Cloud?

What I’m hoping to resolve

  1. Prevent users' valid 2FA codes from failing randomly
  2. Ensure session timeout settings are respected for security

Thanks in advance for any insight or guidance!

Hey @sgodoshian - I've been keeping an eye on this for a while now, but don't really have any particularly meaningful insights. Do you still find yourself needing to regularly reset 2FA for any users? I see a fair number of error logs for one user, in particular, over the past month or so - most recently on April 17.

As far as sessions on the Cloud are concerned, I'm not actually sure what the intended duration should be. I think JWTs should expire after 3 days, but that might just be for Google SSO. Can you open up your dev tools and take a look at your accessToken cookie?
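
To go with the suggestion above to look at the accessToken cookie, here is an added example (not part of the thread and not Retool code) that decodes a JWT payload and reports its `iat`/`exp` lifetime. It assumes the cookie value is a standard three-part JWT; `inspectTokenLifetime` and `makeSampleToken` are hypothetical names, and the sample token is constructed.

```javascript
// Added example: read the lifetime claims of a JWT copied from dev tools.
// Assumption: the accessToken cookie value is a standard three-part JWT.

function decodeSegment(segment) {
  // base64url -> base64, restore padding, then decode as UTF-8 JSON
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

function inspectTokenLifetime(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).trim().split(".");
  if (parts.length !== 3) {
    return { valid: false, reason: "not a three-part JWT" };
  }
  let claims;
  try {
    claims = decodeSegment(parts[1]);
  } catch (err) {
    return { valid: false, reason: "payload is not base64url JSON" };
  }
  const { iat, exp } = claims;
  if (typeof exp !== "number") {
    // No exp claim: the token carries no expiry of its own,
    // so any session timeout would have to be enforced server-side.
    return { valid: true, hasExpiry: false, issuedAt: iat ?? null };
  }
  return {
    valid: true,
    hasExpiry: true,
    issuedAt: typeof iat === "number" ? iat : null,
    expiresAt: exp,
    lifetimeDays: typeof iat === "number" ? (exp - iat) / 86400 : null,
    expired: nowSeconds >= exp,
    secondsRemaining: Math.max(0, exp - nowSeconds),
  };
}

// Constructed sample token with a placeholder signature, not a real cookie.
function makeSampleToken(claims) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

const sample = makeSampleToken({ sub: "user@example.com", iat: 1700000000, exp: 1700259200 });
console.log(inspectTokenLifetime(sample, 1700100000));
```

Pass the cookie value copied from the dev tools storage view as the first argument. The payload is decoded without verifying the signature, which is enough to read the expiry claims.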