When I log in and authenticate, I always check the box saying to remember me for 30 days. But I end up having to re-authenticate in a week, or two, at the the most. It's not 30 days.
Are you using the 2fa option too? And if so, are you also using the 2fa remember option?
Yes, on both counts.
I sort of have a similar situation but for me it's more like, I'm expecting the 2fa bind to be a separate consideration from logging in and out. I often logout, just as a habit, but my expectation is that since I checked "remember me" at the 2fa challenge portion, that I shouldn't be prompted for 2fa again for 30 days. So in my mind I wasn't expecting to be challenged for 2fa again in 30 days, independently of my logging in or out. That's just me, though, not speaking for Allen.
Hmmmm, that's interesting @Antimetica. I don't log out. I would suspect that logging out might prompt another 2fa authentication, but I can where you'd expect to be remembered for 30 days whether you log out or not. Since I don't log out, I'd expect to have to go for 30 days before another 2fa authentication attempt. It's happening about once a week or 10 days.
If you do log out you'll be promoted for the 2fa again, with remember me options on both the log in and the 2fa. that should restart the clock.
But as you do not log out between sessions that shouldn't be a factor.
@Garden Gnome Publications You're not running any sort of browser extensions that would be deleting cookies from time to time, would you?
I'm asking because I have not had the experience and it's pretty hard to test for if it isn't happening to me, so I'm looking for things that I can do or add to try to replicate the behaviour.
No, but I am using the Brave browser with shields down.