"Remember me" is using session cookies

Some time ago, the Dashboard “remember me” stopped working across browser sessions.

For security and UX reasons (no plugins interfering), I access Cloudflare in a separate browser profile (latest firefox in my case). When I’m done, I close the browser.
If I reopen the browser, I will not be logged in, whether I’m setting “remember me” at the login or not.

This used to work. I have 2FA activated, but it did work with 2FA before.

It seems to be the vses2 Cookie, which is a session cookie. If it’s not present in the request, authentication will not succeed. Please make it a persistent cookie again.

2 Likes

I’ve been having trouble with Cloudflare dashboards logging me out while idle, and not remembering my login for the past couple of weeks (or more). I believe it’s tied to this:

https://community.cloudflare.com/t/cloudflare-access-availability-issues/244693

1 Like

I’m terrible with estimating how long ago it started to fail (somehow the days have picked up speed and are flying by), but I’d say a few weeks as well. It could certainly be related to the issue you mentioned, multiple unrelated bugs around a single feature are less likely, but coincidences happen. Apparently it’s not affecting everyone or I’m sure there would be a lot more people reporting bugs.

What works for me is to manually add a persistent vses2 cookie. Restarting the browser no longer logs me out when “Remember me” was checked. Hoping that CF will accept the session key a few days from now, that is a good-enough workaround for me.

Having the same issue. This has been happening for about a week, maybe two weeks. Remember Me is not working as long as we close the browser. Also using Firefox.

Can it be due to the new “Total Cookie Protection” or some privacy or either addon like “AdBlock/DuckDuckGo Privacy Protection”?

Recently, I have been logged in Facebook and wanted to login to Instagram - using my desktop PC - and for a whole day I cannot login to Instagram (using FireFox Developer edition).

I don’t think that’s related. Total Cookie Protection is about 3rd Party cookies, but CF isn’t using a 3rd party SSO service. I can rule out plugins as I’m not using any on the profile I use for CF.
Adding an expiry date for the vses2 cookie fixes it, so I don’t think it’s a client side issue.

Welp, now “Remember me” has been completely removed from the Login form. I guess that answers the question of whether it will get fixed.

2 Likes

Hopefully, it will be back soon, as I don’t want to have to login multiple times per day.