Bodhi 2.6.0 has been deployed to production, and one of its changes is that new session tickets now expire without browser assistance. However, existing session tickets will never expire unless we alter the session secret in Bodhi's production.ini file.

To do this, please change the bodhi2AuthTkt variable in Ansible to a new random value. There is also a bodhi2SessionSecret that I believe is unused but I am not 100% sure so it would be good to adjust that too while you are in there.

Once this change is deployed to production and httpd is restarted, all existing login sessions on the web UI and the CLI should be expired, and all new sessions from there on out will expire after 24 hours (this is a default, and there is a new setting that allows us to alter it if desired.)