358 introduced a bug where client cookie sessions are created with short expiration, which is not extended later and the session expires in a few minutes, logging the user out.
The session was supposed to be extended at the cookie entrypoint, when the auth code is exchanged for a cookie (same as with OAuth token request), but there seems to be no code doing so.
Solution
[x] Extend client cookie session at the cookie entrypoint (similarly to the refresh_session method in OAuth token request).
[x] Make sure the root session gets extended too.
[x] Make sure client cookie sessions are periodically extended during introspection.
Issue
358 introduced a bug where client cookie sessions are created with short expiration, which is not extended later and the session expires in a few minutes, logging the user out.
The session was supposed to be extended at the cookie entrypoint, when the auth code is exchanged for a cookie (same as with OAuth token request), but there seems to be no code doing so.
Solution
refresh_sessionmethod in OAuth token request).