The browser is really what decides whether or not it keeps the session cookies, so it really depends on what the browser is designed to do. Normally, it will clear those when being shut down, but there might be specific exceptions to that. For example, if you install an extension in FF and restart it that way, I believe it will keep all of your sessions.
Well, I logged into the forum late last evening. And I left my browser open, though not on the forum page.
This morning, I visited the forum. And I was still logged in.
I read three posts. Then, when I tried to read the fourth post, it showed as logged out.
Having to log in after an overnight break is not a big problem for me. But finding myself logged out immediately after reading three posts is a problem.
I believe that is a perfect example of the problem I was describing a few posts back. You were actively browsing around the forums, but the SSO system did not reset your idle timeout.
We have had some of the staff occupied with SUSEcon and the openSUSE Summit, but we are going to discuss our options within the next couple of weeks and figure out which one will best address this issue.
Thanks for replying. I didn’t mention that the browser I use mostly for the forum is SeaMonkey. IIRC it could restore sessions without an extension before FF could - I don’t tend to install extensions other than by default. Anyway, under the old authentication, SeaMonkey could automatically restore my forum session on reboot most of the time (not always), after a system shutdown overnight for example, providing I left the browser open at shutdown. I haven’t managed that so far with the current authentication system.
Here’s another minor bug that I see. I’ll describe the most recent case, though I have seen this often.
I logged in yesterday, and used the forum several times. When I tried to access the forum near midnight, I found that I was no longer logged in. Well, no big deal. There would be few new posts anyway, so I would wait until the morning before I log in.
So, this morning, I logged into the forums again (actually after restarting the browser). And, toward the listing of new posts, I see:
The threads below have not been updated since your last visit but still contain unread posts.
It is quite clear what is happening. Although it showed me as not logged in when I visited near midnight, it also recorded my visit to the site as my most recent visit. In my opinion, that is wrong. If it thinks that I am not logged in, then it should also think that it does not know who is visiting. It is presumably disregarding the cookie that says I am logged in, but still believing the cookie that identifies me.
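An added example, not part of the thread and not the forum's or the SSO system's code: a minimal model of the two behaviours discussed above, an idle timeout that is or is not reset by activity, and a "last visit" record that is only updated for authenticated requests. The names `Forum`, `Session`, `IDLE_TIMEOUT` and the 30-minute value are assumptions made for illustration.

```python
from dataclasses import dataclass, field

IDLE_TIMEOUT = 30 * 60  # seconds; constructed value, not the forum's real setting


@dataclass
class Session:
    user: str
    last_activity: float


@dataclass
class Forum:
    sessions: dict = field(default_factory=dict)    # session id -> Session
    last_visit: dict = field(default_factory=dict)  # user -> timestamp

    def login(self, sid, user, now):
        self.sessions[sid] = Session(user, now)
        self.last_visit[user] = now

    def request(self, sid, now, sliding=True):
        """Return the authenticated user for this request, or None."""
        s = self.sessions.get(sid)
        if s is None:
            return None
        if now - s.last_activity > IDLE_TIMEOUT:
            # Expired: drop the session and treat the visitor as anonymous.
            # Nothing tied to the account (such as last_visit) is touched.
            del self.sessions[sid]
            return None
        if sliding:
            s.last_activity = now  # activity resets the idle clock
        self.last_visit[s.user] = now
        return s.user


def pages_read(sliding, views=12, gap=600):
    """Count page views served as logged-in, one view every `gap` seconds."""
    f = Forum()
    f.login("sid", "alice", 0)
    return sum(f.request("sid", gap * i, sliding) is not None
               for i in range(1, views + 1))


def last_visit_after_expired_request():
    """An expired request must not move the account's last-visit marker."""
    f = Forum()
    f.login("sid", "alice", 0)
    f.request("sid", 600)                     # authenticated view
    f.request("sid", 600 + IDLE_TIMEOUT + 1)  # idle too long: anonymous
    return f.last_visit["alice"]
```

With `sliding=False` the user is logged out mid-browsing even though every gap between views is shorter than the timeout; with `sliding=True` the session survives as long as activity continues.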