I am using CredentialsAuthProvider with SS v4.0.39, and have been for well over a year. A client has asked what the "remember me" checkbox on the login page does. My understanding was that this determines whether the user's session is persisted across browser tabs.
However, having tested it, when rememberMe = false, the ss-pid cookie is still returned, and if I open other tabs/browser windows, the session is retrieved and the user is an "authenticated" user.
Have I misunderstood the behaviour?
Both of ServiceStack's ss-id and ss-pid Session Cookies are always created. The ?RememberMe=true parameter indicates that the Users Session should be stored under the permanent Id ss-pid instead of the default Temporary Session Id ss-id which is how Users Sessions can survive Browser restarts since the ss-pid permanent Cookie isn't reset.
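
The behaviour described in the answer, as an added Python model that is not part of the original post and is not ServiceStack code. The `Server` and `Browser` classes, the user name `alice` and the way the server resolves a request (trying each session id the browser presents) are assumptions made for illustration.

```python
import secrets


class Server:
    """Constructed model of the cookie behaviour; not ServiceStack's implementation."""

    def __init__(self):
        self.sessions = {}  # session id -> user name

    def issue_cookies(self):
        # Both ids are always issued, whatever RememberMe later says.
        return {"ss-id": secrets.token_hex(8), "ss-pid": secrets.token_hex(8)}

    def authenticate(self, cookies, user, remember_me):
        # RememberMe only decides which id the session is stored under.
        key = cookies["ss-pid"] if remember_me else cookies["ss-id"]
        self.sessions[key] = user

    def current_user(self, cookies):
        # Simplification (assumption): try every id the browser presented.
        for name in ("ss-id", "ss-pid"):
            user = self.sessions.get(cookies.get(name))
            if user:
                return user
        return None


class Browser:
    PERSISTENT = {"ss-pid"}  # ss-id is a temporary, session-lifetime cookie

    def __init__(self):
        self.jar = {}

    def new_tab(self):
        # Tabs and windows of one running browser share the same cookie jar.
        return dict(self.jar)

    def restart(self):
        # Closing the browser discards temporary cookies, keeps permanent ones.
        self.jar = {k: v for k, v in self.jar.items() if k in self.PERSISTENT}


def login_and_probe(remember_me):
    """Return (user seen from a second tab, user seen after a browser restart)."""
    server, browser = Server(), Browser()
    browser.jar.update(server.issue_cookies())
    server.authenticate(browser.jar, "alice", remember_me)
    other_tab = server.current_user(browser.new_tab())
    browser.restart()
    return other_tab, server.current_user(browser.jar)
```

With `remember_me=False` the second tab is still authenticated because it sends the same ss-id; only the restart, which drops ss-id, loses the session.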