element-hq / element-web

A glossy Matrix collaboration client for the web.
https://element.io
GNU Affero General Public License v3.0
11.13k stars 1.98k forks

Web client initiates new sessions, requires verification all over again #14636

Open eblanshey opened 4 years ago

eblanshey commented 4 years ago

Description

I finally got someone to try out Riot, and although the signing process worked, every couple hours when they went back to the web client, it asked them to verify. Only later on did I go to the list of verified sessions to see that it was creating a new session every time. See image: https://user-images.githubusercontent.com/3145217/87880082-cf77f000-c9bc-11ea-857a-7ecdcfbf880e.png

Needless to say he doesn't want to use Riot anymore :(

Steps to reproduce

Logs being sent: yes/no

Version information

For the web app:

t3chguy commented 4 years ago

Is their Web client configured to delete cookies? Are they using a bookmark which ends in /login or /welcome?

eblanshey commented 4 years ago

Their web client is not configured to delete cookies. They bookmarked a specific room, like https://riot.im/app/#/room/!IDHERE:matrix.org.

t3chguy commented 4 years ago

A session is created each time you log in (the password is required to create the session), so something must have been causing the session data to be dropped.

notramo commented 4 years ago

If they have too many sessions with the same name (e.g. 3-4 of Firefox on Linux), it should display information about private browsing mode, because they are likely to be created because of deletion. It shouldn't count mobile logins, other clients (e.g. Nheko, Spectral, etc.), and Element Desktop, only browsers. Some browsers allow detecting private mode (e.g. FF disables some features like WebRTC). It should also display the warning when it is detected.
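
The heuristic proposed in the comment above, sketched as an added example that is not part of the thread and is not element-web code: it groups a device list by display name, counts browser sessions only, and reports names that repeat often enough to justify the private-browsing hint. The function names, the name-matching patterns, the default threshold of 3 and the sample data are assumptions; the field names follow the Matrix device list (`device_id`, `display_name`, `last_seen_ts`).

```javascript
// Added example: hypothetical helper, not element-web code.
// Input objects use the field names of the Matrix device list
// (device_id, display_name, last_seen_ts).

// Assumption: browser sessions carry a "<browser> on <OS>" display name.
const BROWSER_RE = /\b(Firefox|Chrome|Chromium|Safari|Edge|Opera)\b/i;
// Assumption: native and desktop clients are recognisable by these words.
const NON_BROWSER_RE = /\b(Desktop|Android|iOS|Nheko|Spectral)\b/i;

function isBrowserSession(device) {
  const name = device.display_name || ""; // display_name may be missing
  return BROWSER_RE.test(name) && !NON_BROWSER_RE.test(name);
}

// Returns one entry per display name that occurs at least `threshold`
// times among browser sessions, most frequent first.
function findRepeatedBrowserSessions(devices, threshold = 3) {
  const groups = new Map();
  for (const device of devices) {
    if (!isBrowserSession(device)) continue;
    const key = device.display_name.trim().toLowerCase();
    if (!groups.has(key)) {
      groups.set(key, { name: device.display_name.trim(), deviceIds: [], lastSeen: 0 });
    }
    const group = groups.get(key);
    group.deviceIds.push(device.device_id);
    group.lastSeen = Math.max(group.lastSeen, device.last_seen_ts || 0);
  }
  return [...groups.values()]
    .filter((g) => g.deviceIds.length >= threshold)
    .sort((a, b) => b.deviceIds.length - a.deviceIds.length);
}

// Constructed sample device list (not taken from the issue).
const sampleDevices = [
  { device_id: "AAAAAAAAAA", display_name: "Firefox on Linux", last_seen_ts: 1595000000000 },
  { device_id: "BBBBBBBBBB", display_name: "Firefox on Linux", last_seen_ts: 1595007200000 },
  { device_id: "CCCCCCCCCC", display_name: "firefox on linux ", last_seen_ts: 1595014400000 },
  { device_id: "DDDDDDDDDD", display_name: "Chrome on Windows", last_seen_ts: 1595000000000 },
  { device_id: "EEEEEEEEEE", display_name: "Element Desktop (Linux)", last_seen_ts: 1595000000000 },
  { device_id: "FFFFFFFFFF", display_name: "Nheko", last_seen_ts: 1595000000000 },
  { device_id: "GGGGGGGGGG", display_name: null, last_seen_ts: 1595000000000 },
];

const repeated = findRepeatedBrowserSessions(sampleDevices);
for (const g of repeated) {
  console.log(`${g.deviceIds.length} sessions named "${g.name}": show the private-browsing hint`);
}
```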