"Remember me" option on login page do not always work

[lostmsu]

Description

I basically hit this one, and it is annoying: #778

TL;DR; even if you "Remember me" you have to login periodically.

I believe the handling here is incorrect. If I keep coming to my Gitea instance this cookie needs to be updated periodically, or should never expire in the first place

Gitea Version

1.21.11

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

services.gitea = {
    enable = true;
    appName = "xxx";
    database = {
      type = "postgres";
      user = config.services.gitea.user;
    };
    dump = {
        enable = true;
        type = "xz";
    };
    mailerPasswordFile = "/var/lib/gitea/mailer.pass";
    settings = {
        indexer = {
            REPO_INDEXER_ENABLED = true;
        };
        mailer = {
            ENABLED = true;
            SMTP_ADDR = "smtp.office365.com";
            SMTP_PORT = 587;
            FROM = "...";
            USER = "...";
            PROTOCOL = "smtp+starttls";
        };
        server = {
            ROOT_URL = "...";
            DOMAIN = "...";
            HTTP_PORT = ...;
        };
        service = {
            DISABLE_REGISTRATION = true;
            ENABLE_NOTIFY_MAIL = true;
        };
    };
  };

Database

PostgreSQL

[yp05327]

Do you mean that if user checked Remember me, then we need to refresh the expire time of the token every time he access the web page?
Maybe this can be an option, but from my side, this approach seems not safe.

[lostmsu]

I don't know what the best practice is, but most services like GitHub don't force you to relogin every 2 weeks. Best do whatever they do.

[lunny]

Please upgrade to latest stable version and try again.

[wxiaoguang]

1.22 has Enhanced auth token / remember me #27606 , which improves the "remember me"