Known Limitations

Backups And Exports

Backup files and user exports are not encrypted by BillTracker. Protect mounted volumes, downloaded files, and transfer channels.

Session cookies honour X-Forwarded-Proto: https when deciding their Secure flag. The current CSRF cookie code, however, bases its Secure flag on Express req.secure, and the server does not currently configure Express trust proxy; without trust proxy, req.secure reflects only the connection to Node itself, so it is false when TLS terminates at an upstream proxy. Verify the Set-Cookie headers the app emits when TLS terminates upstream.
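The following is an added illustration, not BillTracker code: it models how Express derives req.secure with and without trust proxy, assumes a session-cookie policy that reads X-Forwarded-Proto directly, and checks the resulting Set-Cookie headers for the Secure attribute, which is the verification step the paragraph asks for.

```javascript
// Added example (not from BillTracker). Models the Secure-flag decision for both
// cookies behind a TLS-terminating reverse proxy and audits the Set-Cookie output.

// Minimal stand-in for the parts of an Express request the decision depends on.
// `encrypted` mirrors req.connection.encrypted: true only when TLS ends at Node itself.
function makeRequest({ encrypted, forwardedProto }) {
  const headers = {};
  if (forwardedProto) headers['x-forwarded-proto'] = forwardedProto;
  return { encrypted, headers };
}

// How Express computes req.protocol: X-Forwarded-Proto is consulted only when
// "trust proxy" is enabled; otherwise only the socket's own TLS state counts.
function expressProtocol(req, trustProxy) {
  const socketProto = req.encrypted ? 'https' : 'http';
  if (!trustProxy) return socketProto;
  const header = req.headers['x-forwarded-proto'] || socketProto;
  return header.split(',')[0].trim(); // first hop wins on a comma-separated chain
}

function reqSecure(req, trustProxy) {
  return expressProtocol(req, trustProxy) === 'https';
}

// Assumed session-cookie policy: honours the forwarded header regardless of trust proxy.
function sessionCookieSecure(req) {
  const proto = (req.headers['x-forwarded-proto'] || '').split(',')[0].trim();
  return req.encrypted || proto === 'https';
}

function buildSetCookie(name, value, secure) {
  const attrs = ['HttpOnly', 'SameSite=Lax', 'Path=/'];
  if (secure) attrs.push('Secure');
  return `${name}=${value}; ${attrs.join('; ')}`;
}

// Parse a Set-Cookie header value and report whether it carries the Secure attribute.
function setCookieHasSecure(header) {
  return header.split(';').slice(1).some((a) => a.trim().toLowerCase() === 'secure');
}

// Audit one request shape: the Secure decision both cookies would actually emit.
function auditCookies(req, trustProxy) {
  const session = buildSetCookie('session', 'constructed', sessionCookieSecure(req));
  const csrf = buildSetCookie('csrf', 'constructed', reqSecure(req, trustProxy));
  return { sessionSecure: setCookieHasSecure(session), csrfSecure: setCookieHasSecure(csrf) };
}

// Constructed request: TLS terminated at the proxy, plain HTTP between proxy and app.
const behindProxy = makeRequest({ encrypted: false, forwardedProto: 'https' });
console.log(auditCookies(behindProxy, false)); // { sessionSecure: true, csrfSecure: false }
console.log(auditCookies(behindProxy, true));  // { sessionSecure: true, csrfSecure: true }
```

Run the same check against a real deployment by capturing the Set-Cookie headers from a login response and passing each value to setCookieHasSecure.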

SQLite Deployment Shape

BillTracker is designed as a single-service SQLite application. Do not run multiple app replicas against the same SQLite file without evaluating locking, backup, and migration behavior.

Admin And Host Access

The protected bootstrap admin cannot browse user bill records through normal app routes. A server operator with filesystem access or the ability to download a full database backup can still inspect SQLite data outside the app.

Optional External Services

SimpleFIN, SMTP, OIDC, ip-api.com (only when geolocation_enabled is on), and update checks contact configured external services. They are optional, but they are not offline features.

Session Token Re-login (v0.37)

Migration v0.94 hashes all session tokens at rest. As a consequence, every existing session is deleted on first startup after upgrade. Every user — including the bootstrap admin — must log in once. Configure SESSION_CLEANUP_INTERVAL_MS and the daily worker schedule so the migration runs in your maintenance window.