The cookie "secure_cookies_exist" is supposed to cause a redirect to https so that secure (session/auth) cookies will be sent. Unfortunately it's missing an expiry time, making it a (browser-)session cookie, meaning that after the browser is closed and re-opened, the user is still signed in, but won't appear to be so until they browse to https of their own accord.
The cookie "secure_cookies_exist" is supposed to cause a redirect to https so that secure (session/auth) cookies will be sent. Unfortunately it's missing an expiry time, making it a (browser-)session cookie, meaning that after the browser is closed and re-opened, the user is still signed in, but won't appear to be so until they browse to https of their own accord.