Anyone else being forced to log into the site for each visit?
I noticed that every time I visit the site, I have to log in. I remember not having to do this a few days ago. I was assuming a cookie was being set for a timeframe until I explicitly log out. I can't remember if there was a "remember me" button. I'm using Firefox and tried disabling my extensions, but that didn't seem to help.
Yes that is exactly what I noticed. I assumed that this had something to do with the recent Lemmy exploit and forcing users to refresh their tokens more frequently.
I switched to jerboa app (since I'm mainly on a mobile device anyways) and there the problem doesn't exist.
How are you visiting the site? Are you typing the URL into the address bar yourself or are you going to Google and then clicking on the link?
For the later, a few weeks back Lemmy pushed a change that doesn't allow cookies to be seen if coming from an external domain. This change might have finally made it to your instance.
I'm usually just either clicking a link that directs me to a post on this programming.dev instance (via my RSS reader) or just typing the programming.dev domain in my browser bar. Neither of which seems like it would have cross-domain cookie issues, so not sure what it could be.
Clicking on the link would if you're currently on lemmy.world and it's taking you to programmingml.dev. But ya typing the URL into the browser bar shouldn't.
Something you might try... Logout and log back in and the look for the jwt cookie and see what properties are set on it. Maybe they've started using session only cookies?