I apologize for not reading the earlier posts in more detail.
I added the LogRecorder and the logger as described above.
When I logout and back in, this (among other detail) shows in the log:
Mar 17, 2014 3:49:09 PM FINE org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices loginSuccess
Added remember-me cookie for user 'michael.broida', expiry: 'Mon Mar 31 15:49:09 GMT 2014'
So its set to expire in two weeks: Mar 31 - Mar 17 = 14 days.
My system time was about 10:49AM (US CDT) and the Jenkins Master node time was: 3:49:09PM (UTC). So those line up correctly: US CDT = UTC-5.
I see log entries like this one [cleansed], apparently every time I click a Jenkins link:
Mar 17, 2014 3:49:09 PM FINE org.acegisecurity.ui.rememberme.RememberMeProcessingFilter doFilter
SecurityContextHolder not populated with remember-me token, as it already contained: 'org.acegisecurity.providers.UsernamePasswordAuthenticationToken@f05122ff: Username: org.acegisecurity.userdetails.User@0: Username: michael.broida; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: authenticated, USER, admin; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: [nn.nn.nn.nn]; SessionId: 178z3b1pbslvm1hyjg8qchd6wo; Granted Authorities: authenticated, USER, admin'
Chrome shows an ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE cookie with same Mar 31 expiration as above.
We'll see if Jenkins logs me out in the next couple of hours....