Page 1 of 1
[BUG] Login cookie expires too soon (even if remember me is checked)
Posted: Thu Apr 30, 2026 5:04 pm
by Bit
We need to fix this, because session ends after an hour.
Also, all cookies are not using secure flag which is compromising the security of the user in case of xss injection.
Re: [BUG] Login cookie expires too soon (even if remember me is checked)
Posted: Thu Apr 30, 2026 5:57 pm
by Richterlevania3
For me it's even weirder: if I check the remember me option, it won't let me login at all, saying my password is wrong and throwing captchas at me.
Re: [BUG] Login cookie expires too soon (even if remember me is checked)
Posted: Sat May 02, 2026 2:05 am
by Kestrel
Admitadly we have not done a great job of handling the forum SSO and login features.
We should have those fixes to the session timeout and Secure flag set now. Could you confirm when you get a chance?
Re: [BUG] Login cookie expires too soon (even if remember me is checked)
Posted: Sat May 02, 2026 9:10 am
by Bit
Unfortunately, it's still not fixed as the tw_sso cookie which controls the duration of login session is still only 2 hours long.