hicommonwealth / commonwealth

A platform for decentralized communities
https://commonwealth.im
GNU General Public License v3.0

Determine policy regarding user / browser session lengths. #7595

Open burtonator opened 2 weeks ago

burtonator commented 2 weeks ago

Describe the bug

Right now all our auth cookies are just session length.

As soon as your browser restarts you have to log in again.

The reason we didn't notice this before is that Chrome will keep your 'session' active as long as your current browser process is active - which for most desktop users is a long time.

I think we need to determine how long a user session should last?

It seems this applies to both magic auth and wallet connect auth and both will have to be adjusted.

The fix is somewhat easy. I just have to set the cookie expiration.

burtonator commented 2 weeks ago

@dillchen had these comments:

Would be great to refresh expiration as they log in again before initial expiration. I think there is a previous ticket that said we ought to extend sessions to 14 days. As a note, we'll have to update the session length within our "canvas session key provider" and within Magic (they set a separate session length).

On Sat, Apr 27 2024 at 2:26 PM, Kevin Burton wrote:

> What do we want to set as the expiration. Also, should we extend the expiration each time they log into the app or should it have a fixed cliff?
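The two policies raised in this thread (a fixed cliff versus refreshing the expiration on activity), as an added example that is not part of the issue or the project's own code. The cookie name `sid`, the session record shape, the function names and the 30-day absolute cap are assumptions; the 14-day figure is the one mentioned above. Expiry is decided from the server-side record, because `Max-Age` is only a hint to the browser.

```javascript
// Added example: hypothetical names, not the project's code.
const DAY = 24 * 60 * 60;       // seconds
const IDLE_TTL = 14 * DAY;      // 14-day figure mentioned in the thread
const ABSOLUTE_TTL = 30 * DAY;  // assumed hard cap so sliding renewal cannot run forever

// Build a Set-Cookie value. maxAge === null yields a browser-session cookie
// (no Max-Age/Expires), which is the behaviour the issue describes today.
function buildSessionCookie(name, value, maxAge) {
  const parts = [`${name}=${encodeURIComponent(value)}`,
    'Path=/', 'HttpOnly', 'Secure', 'SameSite=Lax'];
  if (maxAge !== null) parts.push(`Max-Age=${maxAge}`);
  return parts.join('; ');
}

// session: { createdAt, lastSeenAt } in epoch seconds, stored server-side.
// policy 'fixed':   cliff at createdAt + IDLE_TTL, never extended.
// policy 'sliding': renewed on activity, bounded by ABSOLUTE_TTL.
// Returns the remaining lifetime in seconds, or 0 when the session is expired.
function remainingLifetime(session, now, policy) {
  const age = now - session.createdAt;
  if (policy === 'fixed') return Math.max(0, IDLE_TTL - age);
  const idle = now - session.lastSeenAt;
  if (idle >= IDLE_TTL || age >= ABSOLUTE_TTL) return 0;
  return Math.min(IDLE_TTL, ABSOLUTE_TTL - age);
}

// Called on each authenticated request. Returns the Set-Cookie header to send,
// or null when the server-side record says the user must log in again.
function refreshSession(session, sessionId, now, policy) {
  const ttl = remainingLifetime(session, now, policy);
  if (ttl === 0) return null;
  session.lastSeenAt = now;
  return buildSessionCookie('sid', sessionId, ttl);
}
```
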