In context/auth, since now is defined outside of the component, COOKIE_EXPIRE_DATE will always be the same value as long as the user doesn't refresh the browser. So if we allow users to stay logged in for 30 days, a user loads the page, keeps their browser open for 29 days, then logs in, their session will only last 1 day.
Probably not a huge deal (especially since our default session lifetime is 1 year). But it could be an issue if someone wants to use very short sessions.
Changes
This PR computes the session lifetime on login, when the token cookie is set.
I generated an app and logged in. The session lifetime is still one year, as expected.
In
context/auth, sincenowis defined outside of the component,COOKIE_EXPIRE_DATEwill always be the same value as long as the user doesn't refresh the browser. So if we allow users to stay logged in for 30 days, a user loads the page, keeps their browser open for 29 days, then logs in, their session will only last 1 day.Probably not a huge deal (especially since our default session lifetime is 1 year). But it could be an issue if someone wants to use very short sessions.
Changes
I generated an app and logged in. The session lifetime is still one year, as expected.
Checklist