I keep getting logged out periodically even though I check ‘Remember Me’ when I log in to Matomo.
When having been logged out, the session cookie is preserved, but apparently it is no longer recognized or valid. This happens every few hours.
The HTTP request contains:
MATOMO_SESSID=<HEXADECIMAL_VALUE>
The HTTP response contains:
MATOMO_SESSID=<SAME_HEXADECIMAL_VALUE>; expires=Sat, 06-Mar-2021 08:31:05 GMT; path=/; secure; httponly; SameSite=Lax
My Matomo instance sits in a Docker container behind an Apache2 reverse proxy. The Apache site configuration contains:
ProxyPreserveHost On
ProxyPass / http://localhost:8093/
ProxyPassReverse / http://localhost:8093/
ProxyPassReverseCookieDomain localhost <MY_PUBLIC_DOMAIN>
RequestHeader set X-Forwarded-Proto "https"
Request IPs (first two bytes) are recorded correctly, indicating that Matomo is aware that it sits behind a reverse proxy.
What could be the reason why the session cookie is not recognized or considered valid by Matomo?