Add docs explaining why you get signed out with "Remember me"docs/add-why-do-i-get-signed-out-authentication-section

See https://gitlab.slack.com/archives/C101F3796/p1512486640000434

3 files changed, 31 insertions, 1 deletions

diff --git a/changelogs/unreleased/docs-add-why-do-i-get-signed-out-authentication-section.yml b/changelogs/unreleased/docs-add-why-do-i-get-signed-out-authentication-section.yml
new file mode 100644
index 00000000000..bc245880ed0
--- /dev/null
+++ b/changelogs/unreleased/docs-add-why-do-i-get-signed-out-authentication-section.yml
@@ -0,0 +1,5 @@
+---
+title: Add docs for why you might be signed out when using the Remember me token
+merge_request: 15756
+author:
+type: other
diff --git a/doc/topics/authentication/index.md b/doc/topics/authentication/index.md
index 597c98fbf6b..1f30909b0aa 100644
--- a/doc/topics/authentication/index.md
+++ b/doc/topics/authentication/index.md
@@ -6,6 +6,7 @@ This page gathers all the resources for the topic **Authentication** within GitL
 
 - [SSH](../../ssh/README.md)
 - [Two-Factor Authentication (2FA)](../../user/profile/account/two_factor_authentication.md#two-factor-authentication)
+- [Why do I keep getting signed out?](../../user/profile/index.md#why-do-i-keep-getting-signed-out)
 - **Articles:**
   - [Support for Universal 2nd Factor Authentication - YubiKeys](https://about.gitlab.com/2016/06/22/gitlab-adds-support-for-u2f/)
   - [Security Webcast with Yubico](https://about.gitlab.com/2016/08/31/gitlab-and-yubico-security-webcast/)
diff --git a/doc/user/profile/index.md b/doc/user/profile/index.md
index 5fcc0501dc1..04e615330ce 100644
--- a/doc/user/profile/index.md
+++ b/doc/user/profile/index.md
@@ -1,8 +1,32 @@
 # User account
 
-When logged into their GitLab account, users can customize their
+When signed into their GitLab account, users can customize their
 experience according to the best approach to their cases.
 
+## Signing in
+
+There are several ways to sign into your GitLab account.
+See the [authentication topic](../../topics/authentication/index.md) for more details.
+
+### Why do I keep getting signed out?
+
+When signing in to the main GitLab application, a `_gitlab_session` cookie is
+set. `_gitlab_session` is cleared client-side when you close your browser
+and expires after "Application settings -> Session duration (minutes)"/`session_expire_delay`
+(defaults to `10080` minutes = 7 days).
+
+When signing in to the main GitLab application, you can also check the
+"Remember me" option which sets the `remember_user_token`
+cookie (via [`devise`](https://github.com/plataformatec/devise)).
+`remember_user_token` expires after
+`config/initializers/devise.rb` -> `config.remember_for` (defaults to 2 weeks).
+
+When the `_gitlab_session` expires or isn't available, GitLab uses the `remember_user_token`
+to get you a new `_gitlab_session` and keep you signed in through browser restarts.
+
+After your `remember_user_token` expires and your `_gitlab_session` is cleared/expired,
+you will be asked to sign in again to verify your identity (which is for security reasons).
+
 ## Username
 
 Your `username` is a unique [`namespace`](../group/index.md#namespaces)