Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v
diff -u -r1.113 -r1.114
--- openacs-4/packages/acs-tcl/tcl/security-procs.tcl 3 Nov 2018 19:47:34 -0000 1.113
+++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl 25 Nov 2018 17:25:07 -0000 1.114
@@ -222,7 +222,7 @@
 # # if only they keep requesting pages frequently enough, but the alternative was that
 # # the situation where LoginTimeout = 0 (infinite) and the user unchecks the "Remember me" checkbox
 # # would cause users' sessions to expire as soon as the session needed to be renewed
- sec_generate_session_id_cookie
+ #sec_generate_session_id_cookie
 # apisano 2018-06-08: as discussed in
 # https://openacs.org/forums/message-view?message_id=1691183#msg_1691183,
@@ -232,10 +232,12 @@
 # GN: when we use "sec_login_handler" instead of the
 # previous code using "sec_generate_session_id_cookie",
 # persistent logins stop to work (people are logged out
- # from time to time). So, i switched for the time being
- # the to old code.
+ # from time to time). However, when just
+ # [sec_generate_session_id_cookie] is used then the login
+ # cookie is nevery checked, as long there is a
+ # cryptographically valid session cookie.
 #
- #sec_login_handler
+ sec_login_handler
 }
 #
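Review bot: The comment rewritten in the second hunk still records that `sec_login_handler` logs persistent-login users out from time to time, yet the new code enables that call with nothing visible in the hunk that addresses it. The stated reason for the switch is security-relevant (with only `sec_generate_session_id_cookie` a session keeps being renewed without the login cookie being re-checked, so presumably an invalidated login would stay usable), and the comment should say that plainly together with the trade-off, e.g. `# Renew through sec_login_handler so the login cookie is re-checked at each renewal; known issue: persistent logins may be dropped`. `nevery` should read `never`, and the commented-out `#sec_generate_session_id_cookie` left by the first hunk would be better removed than kept as dead code. The enclosing proc starts and ends outside both hunks, so how `sec_login_handler` treats the LoginTimeout = 0 case cannot be checked from here.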