Currently, the Bitwarden web vault only remembers two-factor authentication (2FA) sessions. This means that if your previous session has expired, you will need to log in again. There is no option to save all sessions, meaning you have to authenticate multiple times with your email address and password.
But who is this security feature supposed to be for? I don’t think the golden era of internet cafes is here anymore, is it?
Of course, there are many use cases in which we need to log in to the Web Vault on a shared computer. This is where the checkbox that says “This is a public or shared computer” or “This is my own computer” comes into play.
One can set the timeout to be “never”, but that comes with risks. My preferred option is to lock after a short period (shorter on phone; longer on home desktop PC) and then use biometrics so that unlocking does not become annoying.
The general idea behind timeouts is to deal with stolen or compromised devices. If you were to get malware on your PC, it is significantly less worrisome if your vault is locked.
Moving this over to ask the community as there is no explicit request to change how Bitwarden works.
Could you clarify whether the issue that you are describing is literally about session expiration, which doesn’t happen unless your Web Vault browser tab is open but disconnected from the internet for 30 days? I suspect that you are describing something different, because 2FA is also cached for a maximum of 30 days when using “Remember me”, but it seems that you are not being asked to provide 2FA again.
Perhaps what you are experiencing is a Vault Timeout, which you can configure under Settings > Preferences. Make sure that the “Vault Timeout Action” is set to Lock instead of Log Out, and adjust the vault timeout period to your liking.
FYI, this option is actually not available in the Web Vault. The best you can do is to set a “Custom” timeout of 2.996155224e+306 hours and 12 minutes. And even this does not replicate the behavior of “Never”.