Closed jhogendorn closed 3 years ago
Login sessions should already be essentially "forever" unless the server's private key is rotated or a user password change happens. Can you please provide a list of reproducible steps and browser/os etc. if your session is expiring? I just tested,(by going to portal.hsbne.org) and it showed the login page for a brief moment and kicked me over to the dashboard because I was already logged in.
I'll track what the conditions are next time it asks me to login. its typically on my phone where it always wants auth.
Yeah this is consistent, every time i open the portal using chrome on my iphone it wants me to login. I've also noticed if i fill in the passwords with my password manager, it doesnt detect the password and wont let me login so i have to do it twice. this seems to be only a thing on the phone.
Ok I'll have a look and see if I can reproduce it. I've been using the development build of the iOS app recently so I may not have noticed it.
I'm happy to sit down and demo/debug this issue on a tuesday or something if it helps. or i can take a screen recording if thats useful?
I'll let you know if I can't repro it. :)
This has been resolved in v2.4.1. There was a bug with mobile detection logic that meant the browser version on iOS was using mobile app logic (and JWTs instead of cookies), and there was a bug in the JWT refresh logic which meant the JWT was never properly refreshed. A new beta version has been submitted to test flight for review and this will be rolled out to the HSBNE portal shortly.
fwiw I'm still having to login every time on the web and app. and the password manager flow doesn't work as discussed so its a long process to get in each time.
It would be great to have long sticky login sessions so i dont have to auth every time i open the portal.