LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

When you keep interacting with a cookie-authenticated site, why does the cookie's expiry time keep moving further into the future?

It's a sliding (rolling) expiration — each request refreshes the session's last-access time so active users aren't logged out mid-use, while idle sessions still time out.

Active requests push the 30-minute window forward; an idle session still lapses and expires.

* Sliding expiry: each request renews the window; idle sessions still time out. *

The server tracks a __lastAccess timestamp for the session. On every request it pushes the expiry forward (e.g. "valid for 30 more minutes from now"). The effect:

  • Active user: the window keeps renewing, so they stay logged in seamlessly.
  • Walked-away user: no requests ⇒ the window lapses ⇒ the session expires and they must log in again.

This balances security (abandoned sessions die) against usability (you're not kicked out while working).

Tip: __lastAccess is typically a Unix timestamp — seconds since 1 Jan 1970 UTC. Watch the time zone: a cookie's "valid until" shown in UTC can look an hour or two off from your local clock.

Go deeper:

From Quiz: INTROL / Web Authentication: Cookies, OAuth 2.0 / OIDC & WebAuthn | Updated: Jul 05, 2026