Open
Description
If all of these features are used on the same time, I don't think we handle this correctly.
- Server side session
- Session lifetime coordination (enabling session renewal through refresh token usage)
- Persistent cookies (the remember me option).
The result is that even if the session's lifetime is extended server side, the cookie is not extended and could be removed as expired by the browser.
This might apply to the BFF server side session system too.