I browse /r/GuildWars2 on reddit and usually follow links back to the forum. It has driven me crazy that I am always required to login before proceeding to the post, so I figured I would look into why.
It appears the session cookie (which is, I assume, “s”) has a year-long expiry… Normally session cookies should last for the browser session (hence the name “session cookie”) and will therefore be cleared when the browser closes. This does not happen with a year-long TTL and therefore the session cookie persists through closing the browser.
The second problem is that the web-service session appears to have a much lower TTL for the server-side session. This is fine, BUT, when my browser presents my session cookie from yesterday, I am presented with the login form instead of the page I was hopping to land on. This unneeded disconnect is frustrating and discouraging.
Proposed Solutions:
1) Make the session cookie expire on the session. Since the server-session doesn’t appear to persist for that long, there’s no point in the browser holding onto a token that is unusable after a small amount of time. If session cookies are not your thing, at least make it the same length as the server-session.
2) If presented with a cookie for a stale session, do not require a login. Instead either recycle the token and clear the server-session (so they are a guest) or generate a new session and send that token to the client.
There is no reason I need to login to view the forums because I didn’t log out from the night before. If I want to post a reply, I can easily login as needed.
Thanks for listening to my suggestion!
Ammorth
Not affiliated with ArenaNet or NCSOFT. No support is provided.
All assets, page layout, visual style belong to ArenaNet and are used solely to replicate the original design and preserve the original look and feel.
Contact /u/e-scrape-artist on reddit if you encounter a bug.