What is normal login cookie duration?

I mean you could just look at the _osm_session cookie in your browser - it is a client side artifact after all.

The answer you would find is that it’s valid for 28 days, and it does get updated whenever you interact with the site.

The real problem is that how long the cookie lasts is only one part of the equation - the other part is how long the session record on the server lasts because if that expires then the cookie becomes meaningless.

I imagine you’re asking this because you got logged out yesterday and the reason that happened is that we were subject to a DOS attack which caused a lot of sessions to be created which in turn caused the session store to overflow and evict older sessions.

7 Likes