That does sound like expected behavior to me (without checking).
FWIW - I’ve reproduced the issue, and found (what I believe to be) the root cause - which is that hitting some endpoints from the website incorrectly trigger a security protection, which has the side effect of clearing the remember_me token against the current logged in user in the database.
I’ve passed what I’ve found on to the devs. As it involves a security protection, I think they’re considering what the best approach to fix it should be.