Sessions & sign-in persistence

Scrydon uses secure, HTTP-only session cookies. How long a session lasts depends on the choices you make at sign-in.

Session duration

With Remember me (the default), your session is valid for 30 days and the expiry slides forward as you use the platform — you stay signed in on that browser until you sign out, are deactivated, or stop using Scrydon for 30 days.

If you untick Remember me, Scrydon issues a stricter session: it ends when your browser fully exits (including mobile browsers being evicted in the background) and expires after at most 24 hours either way. Choose this on shared or public machines.

Single sign-on (SSO), passkey, and magic-link sign-ins always use the 30-day remembered behavior.

Two-factor authentication and "Trust this device"

If your account has two-factor authentication enabled, you enter a 6-digit code (authenticator app or email) after your password. The form submits when you select Verify — take your time; nothing is sent while you type.

Ticking Trust this device before verifying registers the browser as trusted for 30 days: you won't be asked for a second factor on that device during that window. The trust is bound to your account and device and is re-validated server-side on every sign-in.

Why was I signed out?

• You (or an administrator) signed you out or revoked your sessions — for example after deactivation or a password reset.
• You signed in with Remember me unchecked and the browser exited, or the 24-hour limit passed.
• Your session reached the 30-day maximum without activity.

If you are signed out unexpectedly on a corporate device, also check for browser policies that clear cookies on exit.