I would like to revisit this question, as nobody answered it on the “old forum” (which claims that it’s deprecated now). It’s annoying to stay logged in across browser restarts for several WEEKS, and then one day simply be blown out of the water and have to log in again. What is the standard “remember me” duration supposed to be, and which cookie(s) need to still be present??
I mean you could just look at the _osm_session cookie in your browser - it is a client side artifact after all.
The answer you would find is that it’s valid for 28 days, and it does get updated whenever you interact with the site.
The real problem is that how long the cookie lasts is only one part of the equation - the other part is how long the session record on the server lasts because if that expires then the cookie becomes meaningless.
I imagine you’re asking this because you got logged out yesterday and the reason that happened is that we were subject to a DOS attack which caused a lot of sessions to be created which in turn caused the session store to overflow and evict older sessions.
Typical motivation of such criminals is extortion, usefulness is not really what matters here. There were also cases of hospitals being victims of DDoS and ransomware and similar attacks.