Login session on https://ahwoo.com/app/100000/kitten-space-agency does not persist across browser restarts

Maxi

Member
Oct 17, 2025

Intended Behaviour


I want to stay logged in to ahwoo.com/app/100000/kitten-space-agency across browser sessions, as one would expect with a 7-day idle timeout / 30-day max session duration as described here:


in a response to


What happened instead


Every time I close and reopen my browser, I am logged out of the app and have to re-authenticate via my auth provider (Discord). This happens regardless of how recently I logged in. Even if I log in, close the browser, and immediately reopen it, the session is gone.

Meanwhile, I stay logged into https://forums.ahwoo.com indefinitely across browser restarts.

What I expected to happen


I expected to remain logged in for at least 7 days (idle timeout) or until the 30-day max session expires, without needing to re-authenticate after every browser restart, such as described by @jsmkte.

So far the game has had version updates more frequent than the 7-day idle timeout and I always immediately download it, so I should have stayed logged in the entire time.

Possible Root Cause


I investigated the cookies set by Keycloak (the authentication provider at auth.ahwoo.com) and found that two cookies are set as session cookies with no Expires or Max-Age attribute:

| Cookie | Expires | HttpOnly |
| --- | --- | --- |
| AUTH_SESSION_ID | Session | true |
| KEYCLOAK_IDENTITY | Session | true |
| KEYCLOAK_SESSION | Fri, 08 May 2026 (30 days) | false |
| KC_AUTH_SESSION_HASH | Same day (hours) | false |

Session cookies are deleted by the browser when it is closed. This means no matter how long the server-side session remains valid, the browser loses the credentials needed to resume it on the next launch.

Only KEYCLOAK_SESSION has a persistent expiry (30 days), but without AUTH_SESSION_ID and KEYCLOAK_IDENTITY, it is insufficient to restore the session.

For comparison, the forums seem to not have these cookies at all and use XenForo with a persistent xf_user cookie (expires Feb 2027) instead, which is why forum logins survive browser restarts.

I have experienced the issue in my own Keycloak deployments and therefore believe that this is the likely root cause.

Suggested fix


Enable the "Remember Me" feature in the Keycloak realm configuration. When enabled, Keycloak sets persistent cookies with an explicit Max-Age/Expires instead of session cookies. This would allow the browser-side cookies to match the intended server-side session lifetime (7-day idle / 30-day max).

Browser and OS


  • Firefox 137 on Windows 10 Pro (22H2) with both "Standard" and "Strict" Privacy / Enhanced Tracking Protection settings
  • Google Chrome (latest) on Windows 10 Pro (22H2)

The issue occurs in both browsers.

Steps to reproduce


  1. Go to ahwoo.com/app/100000/kitten-space-agency
  2. Log in via Discord
  3. Close the browser completely (not just the tab)
  4. Reopen the browser and navigate to ahwoo.com/app/100000/kitten-space-agency
  5. Observe that you are logged out; browser console shows "No valid Keycloak session found"
 
Upvote 2
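An added example, not part of the original post and not code from ahwoo or Keycloak: a small Python check that classifies `Set-Cookie` header values as session or persistent, which is the distinction the cookie table in the post above turns on. The header values, the clock and the function names are constructed for illustration; only the cookie names come from the post.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed Set-Cookie values; only the cookie names come from the post.
SAMPLE_HEADERS = [
    "AUTH_SESSION_ID=constructed; Path=/; Secure; HttpOnly",
    "KEYCLOAK_IDENTITY=constructed; Path=/; Secure; HttpOnly",
    "KEYCLOAK_SESSION=constructed; Expires=Fri, 08 May 2026 12:00:00 GMT; Path=/; Secure",
    "KC_AUTH_SESSION_HASH=constructed; Max-Age=7200; Path=/; Secure",
]
NOW = datetime(2026, 4, 8, 12, 0, 0, tzinfo=timezone.utc)  # constructed clock


def cookie_lifetime(set_cookie, now):
    """Return (name, kind, seconds_left) for one Set-Cookie header value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    seconds = None
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
            if expires.tzinfo is None:
                expires = expires.replace(tzinfo=timezone.utc)
            seconds = int((expires - now).total_seconds())
        except (TypeError, ValueError):
            pass  # unparsable date: the attribute is ignored
    if "max-age" in attrs:
        try:
            seconds = int(attrs["max-age"])  # Max-Age wins over Expires
        except ValueError:
            pass  # invalid Max-Age is ignored
    if seconds is None:
        return name, "session", None  # normally dropped when the browser closes
    return name, ("persistent" if seconds > 0 else "expired"), seconds


def session_only(headers, now):
    """Names of cookies that carry no Expires or Max-Age attribute."""
    return [n for n, kind, _ in (cookie_lifetime(h, now) for h in headers)
            if kind == "session"]


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(cookie_lifetime(header, NOW))
```
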
This does seem to match my experience. Forums stay logged in forever, but I can open the game download three nights in a row on the same browser/computer and have to re-log each time.
 
Hey Maxi

We're aware of the session cookie not persisting when closing the browser. This varies from browser to browser, and even different versions.

Regarding Keycloak, this is not related to "Remember Me". This is already enabled, but it is not available for sessions based on 3rd party identity providers (by design).

I understand the annoyance of having to log in each time to download the latest version, especially with the amount of versions that have been released recently.

Using Email + Password + Remember Me will keep the session cookie active, which is currently configured with a 30 day idle time, so I suggest using this method to stay signed in.

In the meantime, we will add this issue to our backlog, as there are potential strategies that we could implement to reduce friction for our users.