Where has my thread gone??

So, my last logg-in stayed for 2 days, then I was logged out again.

Same for me.

Logged out: last night, this morning (~11 hours later), just now (~1.5 hours later), just now (~5 minutes later), just now (~5 minutes later). Just closing my browser in between. Yes, the "remember me" checkbox is checked every single time. This still worked fine a week ago.

Have you checked if maybe the /tmp dir (or wherever session information is persisted when not in memory) is full?

Also, just to rule out things, the scripts from static.cloudflareinsights.com and dev.visualwebsiteoptimizer.com aren't at all touching anything to do with staying logged in, right? As those are blocked by my uBlock Origin, and throw errors in the console.

Also, the "Subscribe to this thread" checkbox isn't remembering its default-off state each time; I guess that's stored in the session? Might be good moving that to a long-lived separate cookie.

[ Edit: Edited on 10 Apr 2025, 08:34 GMT by Sander ]

The two cookies that are pertinent for this are the SID cookie and the JSESSIONID cookie. The SID cookie is the long lived session token that is used to refresh the short lived sessions and is stored in the database which has plenty of space. The JSESSIONID cookie is the main cookie that controls your current live session.

I did see a weird thing the other day where there were two JSESSIONID cookies - one for www.travellerspoint.com and one for .travellerspoint.com . This is why I suspected maybe visiting the blogs somehow played a part because that's where the one without the www is needed. But that clearly is not the case. There shouldn't actually be a www one at all.

The other change to sessions is to do with some of the other recently added pages on the site which rely more on a JWT session which again is refreshed using the SID. So my other thought is that visiting those pages might somehow affect things? These are pages like this Paris page or the entire accommodation section currently.

Somehow I'm still not getting this problem though.

Thanks, Peter.

I was logged out again this morning. It now seems to be a daily event (it's ok for my visists during the day). I haven't visited any TP pages apart from the forums and...only when I have to log in!... my home page for weeks.

Sander's comment about the subscription box is valid for me too and is happening on this thread.

I only have a SID cookie for .travellerspoint.com, with (crucially?) a lifetime of session. (The JSESSION is also for .travellerspoint.com - I don't have either one for www.) Let's do some testing...

When logging in, I indeed see the SID and JSESSION cookies being set. Neither has an Expires header.

When closing the browser, and re-opening, these two cookies are both gone, as expected for session cookies, and so I'm logged out.

When manually setting the expires time of the SID cookie for the far future, I indeed remain logged in after closing and reopening the browser.

So, functionality restored for me. Question for you to solve this for everyone is why the Expires header is missing from the SID cookie. (And why last week, even if we were all logging out regularly, we'd at least go several days in between - that must've meant there still was an Expires header, right? Or are there multiple independent issues at play?)

[ Edit: Edited on 11 Apr 2025, 07:56 GMT by Sander ]

In case it's relevant, I don't close Chrome during the day. I only close it before the computer is switched off overnight

I wonder if browsers are somehow not handling the expiry date the same way they used to. I set it for a year in the future (in theory), but most browsers set it to 6 months in practice. Maybe some browser updates have happened and they are just ignoring that entirely.

Though that still doesn't explain why it would have been playing up before the long expiry time was restored.

Well I'm just guessing. Thanks for the testing and yes, that definitely seems where it's going wrong. I'll do some testing in that area and see if I can reproduce the problem.