It's worth mentioning here I think that github's code search is really quite good. I'm not trying to say that github can do no harm or that github "owning" OSS code hosting is a good thing, but the github search bar is a utility that IMO is worth the price of admission.
I think that sourcegraph maintains a similar quality OSS code search that can be searched for free but I have not personally used it.
The problem is that GH makes it the login process as painful as possible. Login tokens expire frequently, necessitating new logins. Logins require 2fa every time, which makes them extremely flow-breaking. Post-login you're not returned to the file you were on, so now you need to navigate back to search.
Logins are per domain and per device, so I end up dealing with this 4x per day if I'm using GitHub heavily. It's unnecessary.
This is not at all my experience with Github? I go through the 2fa flow maybe once a year, if that. I have to go through the SSO flow for my employer's private repositories once a day (which is my employer's policy, not Github's), but that properly redirects to the page I was trying to access.
Does your employer have a SSO flow that requires 2fa every time and doesn't redirect properly afterwards? That would be pretty annoying, but it's not Github's fault.
Counter-anecdote. I cannot even remember the last time I was asked to log into Github, at the office, at home, on my laptop, and even on my phone.
Do you perhaps have a browser setting that nukes cookies/session data by any chance? Or perhaps use a VPN that might be tripping some sort of account protection mechanism?
Counter-counter, I share his experience as well and don't have any of those things. Just bog standard Chrome with no extensions.
What I do have, and I expect is relevant: frequent ~weeklong gaps where I don't access GitHub at all in this browser profile. I assume there's some medium-lived token that's refreshed when you access the site.
My experience is similar to yours, though I seem to have to login every other week or so it feels like (maybe it’s once a month I don’t know).
This feeling could also be exasperated though since while I only use a personal GitHub account, I access it frequently from the browser and app on numerous devices.
I can definitively say though that I need to login more than twice a year on any one device.
Mine too. It wasn't always like this, but nowadays if I haven't accessed the site in a handful of days there's a good chance I'm logged out when I go. And it requires logging in, then mobile 2FA. It's very annoying.
Just to put this out there - but this doesn't actually sound that unreasonable.
Your tokens/session should expire at some point. We can argue over what might be a reasonable duration, but it definitely should expire.
What might be going on is if you visit the site/app it renews the token/session if it's still valid. So if you are relatively active on GH, you will stay logged in - otherwise you will eventually be logged out.
Just guessing, but all of this does seem reasonable. There's a lot your Github account can do, including a lot of damage to you and any organizations you are part of.
That's strange; I've been logged in to GitHub without having to re-log-in for.... a year or two now? I cannot remember the last time I had to log in. Maybe I visit the site more often, though, and that has something to do with it? Or the network you visit from is for some reason flagged as high-risk?
To me, ordinary login is one of the things they've genuinely improved over time I feel? I absolutely never deal with logins more than once a day per machine? With stuff like Passkey support now, I basically click two buttons in 1Pass and I'm logged in instantly on ~everywhere. I also feel like I never have my tokens expire.
I'm probably not doing the same stuff as you. It's sudo/elevated mode that really gets you I think, if you have no fast flow. Admittedly I don't add keys or anything like that very often.
GH Enterprise and public GH don't share tokens, so 1 login/day automatically becomes 2. Then, logins aren't shared across devices and 2 additional devices (phone and personal computer) makes 4 logins/day.
Not sure why GitHub expires tokens so quickly, but I can replicate it across every device I own and multiple accounts. Maybe they just don't like me?
I think that sourcegraph maintains a similar quality OSS code search that can be searched for free but I have not personally used it.