Hi Folks,
I stumbled upon an issue, which I am not sure is intended behavior!
When logging in (with SSL enabled) and not selecting ‘Keep me logged in’, the users will be automatically logged out when application is refreshed.
Typically you’d expect that the ‘Keep me logged in’ just enables for longer session duration (>24 hours) and not selecting it would give you a short session (somewhere between 5 minutes and 24 hours depending on the desired security level).
However, from what I have experienced, no access tokens will be stored in the local / session storage or in a cookie if you don’t select the option. So it would make sense that you’re getting logged out when the application is refreshed.
Is this by design / intentional? I don’t honestly know any other app / service which has implemented it like this.