github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-11 17:46:29 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

"Remember me" option on login page do not always work #293

New Issue
Closed
opened 2025-11-02 03:17:31 -06:00 by GiteaMirror · 7 comments
GiteaMirror commented 2025-11-02 03:17:31 -06:00
Owner
Copy Link

Originally created by @andreynering on GitHub (Jan 27, 2017).

  • Gitea version (or commit ref): bb5a6b7 (current master)
  • Git version: git version 2.10.0.windows.1
  • Operating system: Windows
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
  • Log gist:

Description

Even if you check the "Remember me" checkbox, you sometimes have to login again after restarting the browser or computer. I think the right behavior should be remembering forever.

g1

---

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

Originally created by @andreynering on GitHub (Jan 27, 2017). - Gitea version (or commit ref): bb5a6b7 (current master) - Git version: git version 2.10.0.windows.1 - Operating system: Windows - Database (use `[x]`): - [x] PostgreSQL - [ ] MySQL - [ ] SQLite - Can you reproduce the bug at https://try.gitea.io: - [x] Yes (provide example URL) https://try.gitea.io/user/login - [ ] No - [ ] Not relevant - Log gist: ## Description Even if you check the "Remember me" checkbox, you sometimes have to login again after restarting the browser or computer. I think the right behavior should be remembering forever. ![g1](https://cloud.githubusercontent.com/assets/7011819/22382902/c3ba194c-e4ae-11e6-85b5-888de77eab1a.png) <bountysource-plugin> --- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/41380640-remember-me-option-on-login-page-do-not-always-work?utm_campaign=plugin&utm_content=tracker%2F47456670&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F47456670&utm_medium=issues&utm_source=github). </bountysource-plugin>
GiteaMirror added the type/bug label 2025-11-02 03:17:31 -06:00
GiteaMirror commented 2025-11-02 03:17:32 -06:00
Author
Owner
Copy Link

@bkcsoft commented on GitHub (Jan 28, 2017):

"Remember me" depends on cookies, do you clear all cookies when you restart the browser?

@bkcsoft commented on GitHub (Jan 28, 2017): "Remember me" depends on cookies, do you clear all cookies when you restart the browser?
GiteaMirror commented 2025-11-02 03:17:33 -06:00
Author
Owner
Copy Link

@andreynering commented on GitHub (Jan 31, 2017):

@bkcsoft No I don't. But maybe cookies are being expired in the server side.

@andreynering commented on GitHub (Jan 31, 2017): @bkcsoft No I don't. But maybe cookies are being expired in the server side.
GiteaMirror commented 2025-11-02 03:17:33 -06:00
Author
Owner
Copy Link

@bkcsoft commented on GitHub (Feb 12, 2017):

@andreynering Yeah most likely

@bkcsoft commented on GitHub (Feb 12, 2017): @andreynering Yeah most likely
GiteaMirror commented 2025-11-02 03:17:33 -06:00
Author
Owner
Copy Link

@rof20004 commented on GitHub (Jan 2, 2019):

This can be closed?

@rof20004 commented on GitHub (Jan 2, 2019): This can be closed?
GiteaMirror commented 2025-11-02 03:17:33 -06:00
Author
Owner
Copy Link

@monkeyhybrid commented on GitHub (Jan 2, 2019):

I still experience this issue so I don't think it should be closed.

I just checked the client-side cookie situation with Firefox's web dev tools. I logged in to Gitea a few minutes ago for the first time since before Christmas, with 'remember me' ticked. A couple of cookies are set to expire once session has ended, the CSRF cookie expires after 24 hours, and two other cookies expire after 1 week. I'm guessing at least one of these should be set to never expire.

To summarise, my client cookies look like this:-

  • _csrf - set to expire 24 hours after login
  • gitea_awesome - set to expire 1 week after login
  • gitea_incredible - set to expire 1 week after login
  • i_like_gitea - expires after session ends
  • lang - expires after session ends

I do not clear my cookies. I always tick 'remember me'. I am asked to re-login frequently. I've never made a note of how long my login stays 'remembered', I've made a note to do that now. I'm guessing it's after 24 hours, or 1 week. I'll update when I know.

Edit: I have been checking each day since last login, and I am still 'remembered' so far, after 2 days. I suspect it will forget me after 1 week but I am making a note of times and cookie status and will report back here in a few days time.

@monkeyhybrid commented on GitHub (Jan 2, 2019): I still experience this issue so I don't think it should be closed. I just checked the client-side cookie situation with Firefox's web dev tools. I logged in to Gitea a few minutes ago for the first time since before Christmas, with 'remember me' ticked. A couple of cookies are set to expire once session has ended, the CSRF cookie expires after 24 hours, and two other cookies expire after 1 week. I'm guessing at least one of these should be set to never expire. To summarise, my client cookies look like this:- * `_csrf` - set to expire 24 hours after login * `gitea_awesome` - set to expire 1 week after login * `gitea_incredible` - set to expire 1 week after login * `i_like_gitea` - expires after session ends * `lang` - expires after session ends I do not clear my cookies. I always tick 'remember me'. I am asked to re-login frequently. I've never made a note of how long my login stays 'remembered', I've made a note to do that now. I'm guessing it's after 24 hours, or 1 week. I'll update when I know. Edit: I have been checking each day since last login, and I am still 'remembered' so far, after 2 days. I suspect it will forget me after 1 week but I am making a note of times and cookie status and will report back here in a few days time.
GiteaMirror commented 2025-11-02 03:17:34 -06:00
Author
Owner
Copy Link

@monkeyhybrid commented on GitHub (Jan 11, 2019):

I can now confirm that as soon as the gitea_awesome and gitea_incredible cookies expire (one week after login, even with Remember Me ticked), I am logged out and required to log back in again.

Is this not something everyone is experiencing?

I should probably add, I am currently accessing my local Gitea installation via HTTP until I move it to a new server with TLS. Does Gitea differentiate between the two, forcing shorter cookie life for non-HTTPS?

@monkeyhybrid commented on GitHub (Jan 11, 2019): I can now confirm that as soon as the `gitea_awesome` and `gitea_incredible` cookies expire (one week after login, even with _Remember Me_ ticked), I am logged out and required to log back in again. Is this not something everyone is experiencing? I should probably add, I am currently accessing my local Gitea installation via HTTP until I move it to a new server with TLS. Does Gitea differentiate between the two, forcing shorter cookie life for non-HTTPS?
GiteaMirror commented 2025-11-02 03:17:34 -06:00
Author
Owner
Copy Link

@monkeyhybrid commented on GitHub (Feb 2, 2019):

I just stumbled upon the sample configuration file, app.ini.sample, in the Gitea source. It shows a config option I had not noticed before:-

[security]
; How long to remember that an user is logged in before requiring relogin (in days)
LOGIN_REMEMBER_DAYS = 7

If this setting doesn't exist in your app.ini, the default of 7 days will be used. If this isn't to your liking, you just need to add / modify this option to whatever value suits you (and restart Gitea, and probably logout and in again).

I suppose this means this issue should be closed. :)

@monkeyhybrid commented on GitHub (Feb 2, 2019): I just stumbled upon the sample configuration file, [`app.ini.sample`](https://github.com/go-gitea/gitea/blob/master/custom/conf/app.ini.sample), in the Gitea source. It shows a config option I had not noticed before:- ``` [security] ; How long to remember that an user is logged in before requiring relogin (in days) LOGIN_REMEMBER_DAYS = 7 ``` If this setting doesn't exist in your `app.ini`, the default of 7 days will be used. If this isn't to your liking, you just need to add / modify this option to whatever value suits you (and restart Gitea, and probably logout and in again). I suppose this means this issue should be closed. :)
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label type/bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#293
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?