[17:40:34] <Reedy>	 I still seem to be logged out a lot
[21:38:01] <tgr|away>	 Reedy: yeah, something is definitely going on. T383566 is the (a?) task about it.
[21:38:02] <stashbot>	 T383566: Some editors are frequently getting logged out (multiple times a day) - https://phabricator.wikimedia.org/T383566
[21:38:17] <Reedy>	 Aha, good it's not just me
[21:38:24] <Reedy>	 I'd seen the old task was closed, and was a little confused
[21:38:25] <tgr|away>	 if you are willing to investigate, some of the information that tends to be useful:
[21:38:45] <tgr|away>	 - do you need to log in, or does autologin work, just needed more often than normal?
[21:39:16] <tgr|away>	 - does it affect the same wiki where you logged in (filled out the login form), or just the other top-level domains?
[21:39:28] <Reedy>	 I have to login to at least one wiki, then the autologin seems to work elsewhere
[21:39:43] <Reedy>	 I'm not 100% sure, but I seem to be logged out basically every day
[21:40:07] <Reedy>	 Not so much when I'm using it, it's more like "I wake up in the morning and am logged out"
[21:40:08] <tgr|away>	 - do you have login cookies (there should be three centralauth_* cookies and five <wiki>* cookies), with one year expiry for most of them?
[21:41:19] <Reedy>	 I don't seem to see 3 CA cookies
[21:41:27] <Reedy>	 _User and _Session I do see
[21:41:56] <Reedy>	 _User is a month away
[21:42:03] <Reedy>	 _Session has none
[21:42:04] <tgr|away>	 so that means no "keep me logged in" flag
[21:42:23] <Reedy>	 Annoyingly, 1Password has started pressing the log in button for you
[21:42:35] <Reedy>	 So you autocomplete... And then it's logging you in before you can check it
[21:42:40] <Reedy>	 Changing the muscle memory workflow to check it first...
[21:42:45] <tgr|away>	 and in practice ~24 hour session expiry since that's the central session store retention time
[21:44:18] <tgr|away>	 if you are sure you checked the checkbox, the next question would be, do you see this on the domain where you logged in (which would be an AuthManager bug) or only on other domains (that would mean autologin not copying the "keep me logged in" flag correctly)?
[21:44:58] <Reedy>	 I will note it seems to be (a lot lot?) worse on FF
[21:45:08] <Reedy>	 I have my WMF account on Chrome, and that seems to stay logged in for much longer periods
[21:46:38] <tgr|away>	 That's potentially a third thing: some browsers will forcibly reduce cookie lifetimes when they decide the login flow resembled user tracking. Not sure if/how that shows up in the developer console.
[21:47:22] <tgr|away>	 Hopefully SUL3 will help with that, though hard to say for sure.
[21:48:50] <tgr|away>	 You can set a per-site exemption from third-party cookie blocking: https://support.mozilla.org/en-US/kb/third-party-cookies-firefox-tracking-protection#w_enable-third-party-cookies-for-specific-sites
[21:50:14] <tgr|away>	 technically third-party cookie blocking and what I suspect is happening here (bounce tracking mitigation) are different things, not sure if FF Enhanced Tracking Prevention includes both, but worth a try
[21:53:52] <tgr|away>	 if you want to investigate the relevant FF doc is https://firefox-source-docs.mozilla.org/toolkit/components/antitracking/anti-tracking/bounce-tracking-protection/index.html#list-recently-purged-sites
[21:54:03] <tgr|away>	 though I have no idea if it's accurate