So, it looks like most (all?) people affected are using more than one machine/browser to browse FES. As a quick test, I logged in and logged out on a second browser while having my usual browser up - I ended up being logged out from both, with the cookie from the original browser disappearing.
You've cracked it! Thanks for spotting that, pizaa.
In its
Logout function, SMF does this (among other things):
if (!empty($user_info['id']))
updateMemberData($user_info['id'], array('password_salt' => substr(md5(mt_rand()), 0, 4)));
The
password_salt here is what's used for encrypting the user's password in the login cookie. Since it gets reset on logout from
any browser, this will cause all current logins to be terminated, as their cookies will no longer be valid.
Fixing this is going to require a bit of thinking, as it looks like the salt also gets reset at login time, so logging back in again would break other logins regardless.