
GitLab sessions expire frequently
Closed, Resolved | Public | BUG REPORT

Description

A number of GitLab users have noticed that GitLab requires re-authentication much more often than expected. I can confirm from personal experience and that of the rest of RelEng that this seems to be the case, and we've had at least half a dozen mentions from other users.

Collecting some notes from Slack and IRC discussion:

14:13 <hashar> anyway from their doc at https://docs.gitlab.com/ee/user/profile/index.html#cookies-used-for-sign-in , there should be a `remember_user_token` which is set when one uses "Remember me"
14:13 <hashar> and I don't have it ;)
14:19 <bd808> hashar: I don't have one either, but I wonder if that is due to not using their password auth more than anything else? The login flow we use never has "remember me" field that is hosted by gitlab does it?
14:19 <hashar> yeah I think that is the issue
14:20 <hashar> the auth provider is CAS OmniAuth if I got it right (which is deprecated)
14:20 <hashar> and even if check remember me on our idp.wikimedia.org, the cookie is not set on gitlab
14:20 <hashar> so I guess that provider doesn't set the cookie
…
14:22 <hashar> there is some upstream task https://gitlab.com/gitlab-org/gitlab/-/issues/370083 "Remember me cookie not set when bypassing 2fa in omniauth"
14:23 <bd808> I don't think we run with omniauth_allow_bypass_two_factor=true
14:54 <+thcipriani> we talked about it in the team meeting and I confirmed that the headers looked right for setting a cookie that *should* last 7 days (although in practice, mine doesn't seem to for whatever reason: maybe a "my weird setup" problem)
14:56 <+thcipriani> well. I confirmed at least that the "expires" looks right. On Feb 16th I got the header: set-cookie: known_sign_in=XXX; path=/; expires=Thu, 02 Mar 2023 16:21:06 GMT; secure; HttpOnly; SameSite=None

Maybe related upstream: https://gitlab.com/gitlab-org/gitlab/-/issues/370083
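A small check for the kind of `set-cookie` header quoted in the discussion above, added here as an example (not code from the task or from GitLab). It parses the header, computes the cookie lifetime and flags missing Secure/HttpOnly attributes; the response Date it uses (16 Feb 2023 16:21:06 GMT) is an assumption, since the task only says the header was seen on Feb 16th.

```python
"""Parse a Set-Cookie header and check its lifetime and security attributes."""
from email.utils import parsedate_to_datetime

# Constructed sample: the known_sign_in header quoted in the task, cookie value
# replaced by XXX as in the original.
SAMPLE_SET_COOKIE = ("known_sign_in=XXX; path=/; expires=Thu, 02 Mar 2023 16:21:06 GMT; "
                     "secure; HttpOnly; SameSite=None")
# Assumed response Date (the task does not give one); needed to derive the lifetime.
SAMPLE_RESPONSE_DATE = "Thu, 16 Feb 2023 16:21:06 GMT"


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs); attribute names are lower-cased,
    valueless attributes such as Secure map to True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def cookie_lifetime_days(header, response_date):
    """Lifetime in days relative to the response Date; Max-Age takes precedence over Expires
    (RFC 6265), and None means a session cookie."""
    _, _, attrs = parse_set_cookie(header)
    if "max-age" in attrs:
        return int(attrs["max-age"]) / 86400
    if "expires" in attrs:
        issued = parsedate_to_datetime(response_date)
        expires = parsedate_to_datetime(attrs["expires"])
        return (expires - issued).total_seconds() / 86400
    return None


def check_cookie(header, response_date):
    """Return (findings, lifetime_days) for a sign-in cookie; an empty findings list means
    the attributes look right."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly")
    if str(attrs.get("samesite", "")).lower() == "none" and "secure" not in attrs:
        findings.append(f"{name}: SameSite=None without Secure is rejected by browsers")
    days = cookie_lifetime_days(header, response_date)
    if days is None:
        findings.append(f"{name}: session cookie (no Expires/Max-Age)")
    return findings, days
```

Run against the quoted header, the attributes pass and the computed lifetime is 14 days from the assumed Date, which is the number to compare with what users actually observe.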

Event Timeline

thcipriani subscribed.

Keeping an eye on this one.

Hypothesis: 2fa seems to be expiring on the gitlab side; it goes back to idp, where the login is not expired, which kicks you back to gitlab 2fa.

@thcipriani I think that sounds about right to me; gitlab is the only service using idp that's doing its own 2fa, so we don't see this elsewhere. I'm not sure there is much we can do from the idp side but happy to explore ideas if you have some.

MoritzMuehlenhoff claimed this task.
MoritzMuehlenhoff subscribed.

@brennen: This is an older task and since then we've switched GitLab authentication to the OIDC provider. I suppose this is fixed, but if anything else is needed, please reopen or create a separate task.