Sorry, this is quite valid, and I hesitate to believe these issues are sufficiently covered in existing bug reports, or such obvious errors would have been fixed immediately, most of it is not difficult. "Up to one year" is nitpicking, seeing as this stuff isn't flexible. These expiring cookies get a specific end date, it isn't fuzzy, computers are specific. I don't think it said "up to", but if it does that's intentional lying unless it actually IS a year (no matter the precise wording, sorry). All the same arguments go to the place that said 180 days. If that's not the specific length - it was worded like it is - that's also a lie. If it's accurate, the checkbox is a lie. SOMETHING needs fixing, only devs who can see the code can confirm the actual truth.

I felt this counted as Security since security is the reason we get logged out, and security is the reason for the email. Both are to protect the security of Wikipedia accounts. If there was no need to secure against malicious activity, there's no need to log us out, this is to make sure a malicious party doesn't find us logged in and do things in our name. And the email is to alert us of a login, in case someone else managed to login as us, then same thing, could make malicious edits in our name. Also, these security features making mistakes suggests potential for a minor security breach, if this isn't working right there might be something to exploit in this. As sbassett stated I can't see the exploit, but I'm not someone who makes a habit of using exploits, so that doesn't mean there isn't one. Feels better to fix it to be sure.