Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

image.png

Hey, we noticed that the `max-age` header for the Ory session cookie is sometimes set to the value `"Session"`  instead to the actual expire date (see screenshot). Could this been an issue from Ory Network?

After some more investigation we are thinking that the root cause is that we don't have enable `Persist sessions` in `Session cookie settings` on the project. Could this be the issue?