Session Cookie 1 year TTL; Forces Re-login

Session Cookie 1 year TTL; Forces Re-login

in Forum and Website Bugs

Posted by: Ammorth.3604

Ammorth.3604

I browse /r/GuildWars2 on reddit and usually follow links back to the forum. It has driven me crazy that I am always required to login before proceeding to the post, so I figured I would look into why.

It appears the session cookie (which is, I assume, “s”) has a year-long expiry… Normally session cookies should last for the browser session (hence the name “session cookie”) and will therefore be cleared when the browser closes. This does not happen with a year-long TTL and therefore the session cookie persists through closing the browser.

The second problem is that the web-service session appears to have a much lower TTL for the server-side session. This is fine, BUT, when my browser presents my session cookie from yesterday, I am presented with the login form instead of the page I was hopping to land on. This unneeded disconnect is frustrating and discouraging.

Proposed Solutions:
1) Make the session cookie expire on the session. Since the server-session doesn’t appear to persist for that long, there’s no point in the browser holding onto a token that is unusable after a small amount of time. If session cookies are not your thing, at least make it the same length as the server-session.
2) If presented with a cookie for a stale session, do not require a login. Instead either recycle the token and clear the server-session (so they are a guest) or generate a new session and send that token to the client.

There is no reason I need to login to view the forums because I didn’t log out from the night before. If I want to post a reply, I can easily login as needed.

Thanks for listening to my suggestion!

Ammorth