Potential bug in remember logic for login when login is skipped #1557
Description
Describe the bug
When login is skipped and I call "accept login request" with only a subject (without remember params), the oauth2_authentication_session cookie is reset to be a session cookie instead of maintaining the same expiry date it had on first login (based on remember_for value).
Reproducing the bug
Steps to reproduce the behavior:
Should be reproducible with the sample login-consent app provided by Hydra, which is what I based my implementation on.
In the sample code here: https://github.com/ory/hydra-login-consent-node/blob/f4605748c2500f113813bc87b21c4875fc04694d/routes/login.js#L30
Only the subject is passed when accepting the login request (in case it was skipped). For me, this causes the oauth2_authentication_session cookie to be reset to a session cookie. If I specify the remember params, the lifetime of the cookie is set accordingly. However, for a skipped login I don't want to have to re-specify the remember params; it should not touch the cookie at all, in my opinion.
Expected behavior
When accepting a skipped login request, the cookie used to remember the user should not be altered, and it should maintain the expiry date it was given on first login through the remember_for param.
Environment
- Version: oryd/hydra:v1.0.0 (Docker image)
- Environment: Docker
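One way to confirm the behaviour described in this issue from the outside is to compare the `Set-Cookie` headers the browser receives on the first (remembered) login with those it receives after a skipped login, and flag the case where the `oauth2_authentication_session` cookie loses its `Max-Age`/`Expires` attributes. The following is an added example, written for this page and not code from the issue author, the hydra-login-consent-node sample, or the Hydra project; the sample headers are constructed and the `checkRememberPreserved` helper is hypothetical.

```javascript
// Added example (not from the issue or the Hydra project): detect whether the
// oauth2_authentication_session cookie was downgraded from a persistent cookie
// (carrying Max-Age or Expires) to a session cookie between two responses.

const COOKIE_NAME = 'oauth2_authentication_session';

// Parse one Set-Cookie header value into { name, value, attrs }.
// Attribute names are lower-cased; flag attributes (HttpOnly, Secure) map to true.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const [nameValue, ...attrParts] = parts;
  const eq = nameValue.indexOf('=');
  const name = eq === -1 ? nameValue : nameValue.slice(0, eq);
  const value = eq === -1 ? '' : nameValue.slice(eq + 1);
  const attrs = {};
  for (const p of attrParts) {
    const i = p.indexOf('=');
    const key = (i === -1 ? p : p.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1);
  }
  return { name, value, attrs };
}

// A cookie is persistent if it carries Max-Age or Expires; otherwise the
// browser treats it as a session cookie and drops it when the session ends.
function isPersistent(cookie) {
  return 'max-age' in cookie.attrs || 'expires' in cookie.attrs;
}

// Compare the Set-Cookie headers of the first (remembered) login response with
// those of a later skipped-login response. Not re-issuing the cookie at all is
// the expected behaviour; re-issuing it without an expiry is the reported bug.
function checkRememberPreserved(firstLoginHeaders, skippedLoginHeaders) {
  const find = (headers) =>
    headers.map(parseSetCookie).find((c) => c.name === COOKIE_NAME);
  const first = find(firstLoginHeaders);
  const skipped = find(skippedLoginHeaders);
  if (!first) return { status: 'no-cookie-on-first-login' };
  if (!skipped) return { status: 'untouched' };
  if (isPersistent(first) && !isPersistent(skipped)) {
    return { status: 'downgraded-to-session-cookie' };
  }
  return { status: 'persistent-preserved' };
}

// Constructed sample headers (hypothetical values, not captured from a real
// Hydra instance). The first login set remember_for, so Max-Age is present.
const FIRST_LOGIN = [
  'oauth2_authentication_session=abc123; Path=/; Max-Age=3600; HttpOnly; Secure; SameSite=Lax',
  'oauth2_authentication_csrf=xyz; Path=/; HttpOnly',
];
// The skipped login re-sent the cookie without Max-Age/Expires (the reported behaviour).
const SKIPPED_LOGIN_BUGGY = [
  'oauth2_authentication_session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax',
];
// The skipped login left the cookie alone (the behaviour the issue expects).
const SKIPPED_LOGIN_OK = [];

console.log(checkRememberPreserved(FIRST_LOGIN, SKIPPED_LOGIN_BUGGY).status);
console.log(checkRememberPreserved(FIRST_LOGIN, SKIPPED_LOGIN_OK).status);
```

To use this against a running instance, collect the `Set-Cookie` headers from the redirect responses of the first login and of a subsequent skipped login (for example from the browser's network inspector) and pass the two arrays to `checkRememberPreserved`; a `downgraded-to-session-cookie` result reproduces what the issue describes.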