I have a project that is in production and on desktop and mobile works well, with one major annoyance. In mobile browsers (chrome and safari, iOS and Android), the users all too often end up back on the login screen after periods of inactivity (a few hours or more).
The user experience is:
Navigate all through the app for as long as a user wants…no issues
Leave the tab in the browser open, and go about other things in life.
Come back the next day, and go to the open tab in the mobile browser. Tap to navigate to another link, and get redirected to the login screen.
User logins in, and all is well until they leave again.
Now if a user closes the tab, and then opens a new tab, and goes to the site, they are recognized and there is no login.
I have never experienced the problem on desktop, only mobile.
It has me thinking the memory management of mobile browsers is discarding the auth cookie, so when coming back the server sets a new one.
So I’m wondering if anybody else experiences this? If y’all tell me you have web apps running in mobile and experiencing no login issues, I’d be curious to here about your infrastructure (this project is Apache reverse proxy to node).
The site security cookie was being set with the default settings and in troubleshooting is now set for 365 days, Secure and same site Strict.
Any and all thoughts welcome and appreciated!