New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Remember me" option on login page do not always work #778
Comments
"Remember me" depends on cookies, do you clear all cookies when you restart the browser? |
@bkcsoft No I don't. But maybe cookies are being expired in the server side. |
@andreynering Yeah most likely |
This can be closed? |
I still experience this issue so I don't think it should be closed. I just checked the client-side cookie situation with Firefox's web dev tools. I logged in to Gitea a few minutes ago for the first time since before Christmas, with 'remember me' ticked. A couple of cookies are set to expire once session has ended, the CSRF cookie expires after 24 hours, and two other cookies expire after 1 week. I'm guessing at least one of these should be set to never expire. To summarise, my client cookies look like this:-
I do not clear my cookies. I always tick 'remember me'. I am asked to re-login frequently. I've never made a note of how long my login stays 'remembered', I've made a note to do that now. I'm guessing it's after 24 hours, or 1 week. I'll update when I know. Edit: I have been checking each day since last login, and I am still 'remembered' so far, after 2 days. I suspect it will forget me after 1 week but I am making a note of times and cookie status and will report back here in a few days time. |
I can now confirm that as soon as the Is this not something everyone is experiencing? I should probably add, I am currently accessing my local Gitea installation via HTTP until I move it to a new server with TLS. Does Gitea differentiate between the two, forcing shorter cookie life for non-HTTPS? |
I just stumbled upon the sample configuration file,
If this setting doesn't exist in your I suppose this means this issue should be closed. :) |
[x]
):Description
Even if you check the "Remember me" checkbox, you sometimes have to login again after restarting the browser or computer. I think the right behavior should be remembering forever.
---
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
The text was updated successfully, but these errors were encountered: