StreamlitimplicitmediumCluster of 6 signals
Card #354 · Streamlit

Authentication cookie persistence regression in Streamlit 1.57.0

After upgrading to Streamlit 1.57.0, the authentication cookie set by st.login() has stopped persisting for 30 days and now behaves as a session cookie. This causes users to be logged out immediately upon closing the browser, contradicting the official documentation. The issue appears to be a side effect of the migration from Tornado to Starlette.

StreamlitUpdated May 28, 20260.18
Pain score
0.18/ 1.00 · weighted product of four components
Reach0.47
distinct authors (log-normalized)
Recency1.00
freshness decay, half-life months
Engagement1.00
upvotes + comments, normalized
Monetization0.50
willingness-to-pay cues in evidence
§ Evidence — 2 verified quotes
after upgrading from Streamlit 1.56.0 to 1.57.0, the authentication cookie set by st.login() is no longer persistent. It behaves as a session cookie (deleted when the browser is closed) instead of persisting for 30 days as documented.
Forum·@Andreas6··source ↗
the authentication cookie set by st.login() is now behaving as a session cookie (deleted on browser close), rather than persisting for 30 days as previously documented and expected.
Forum·@AgentStreamy··source ↗

Comments are a Pro feature — join the conversation, share what you've shipped, hear what others are building.

Upgrade to Pro