From 38215c46aec5ac3561b1efa05a2b242a6b39f464 Mon Sep 17 00:00:00 2001
From: Panagiotis Papadopoulos <pano_90@gmx.net>
Date: Thu, 13 Feb 2025 09:04:34 +0100
Subject: [PATCH] feat(login): make use of default maxAge by sessionParser

cookie will use the default value set in sessionParser middleware, which is controlled by
config.Session.cookieMaxAge

if rememberMe is not set -> the value is unset and the cookie becomes a non-persistent cookie,
which the browser delete after the current session (e.g. when you close the browser)
---
 src/routes/login.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/routes/login.ts b/src/routes/login.ts
index 21ebaf280..9bac3db74 100644
--- a/src/routes/login.ts
+++ b/src/routes/login.ts
@@ -70,9 +70,12 @@ function login(req: Request, res: Response) {
     }
 
     req.session.regenerate(() => {
-        const sessionMaxAge = 21 * 24 * 3600000 // 3 weeks in Milliseconds
+        if (!rememberMe) {
+            // unset default maxAge set by sessionParser
+            // Cookie becomes non-persistent and expires after current browser session (e.g. when browser is closed)
+            req.session.cookie.maxAge = undefined;
+        }
 
-        req.session.cookie.maxAge = (rememberMe) ? sessionMaxAge : undefined;
         req.session.loggedIn = true;
 
         res.redirect(".");