New Login UI session cookie doesn't survive browser close
Today I figured out that the sessions cookie set by the New Login UI doesn't have an expiry date or max age and thus is created as a session cookie. For Firefox (with restore session on) this means an endless living cookie, but other browsers (at least Chrome and Safari without restore tabs) are clearing the session cookies at different times. This means that I have to login after closing my browser even if the settings are to stay signed in for 10 days. Is this deliberate or a bug?
1 Reply
Hi @Bram, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer, here are some relevant sources:
1. Limit Zitadel login to browser session :
Discusses how session cookie configuration (like MaxAge) affects browser behavior and notes that setting MaxAge to 0 makes the cookie expire on browser close, impacting session persistence across browsers. 2. How to Handle Session Validation :
Explains how session state and validation work in ZITADEL, including session expiration and how sessions can be configured or checked in the application. Feel free to tag @Ask Inkeep with additional questions.
Discusses how session cookie configuration (like MaxAge) affects browser behavior and notes that setting MaxAge to 0 makes the cookie expire on browser close, impacting session persistence across browsers. 2. How to Handle Session Validation :
Explains how session state and validation work in ZITADEL, including session expiration and how sessions can be configured or checked in the application. Feel free to tag @Ask Inkeep with additional questions.