search

lucia-auth / lucia

Authentication, simple and clean
https://lucia-auth.com
MIT License
9.18k stars 466 forks source link

[Bug]: Cookie expiration does not match session expiration length #1601

Closed khromov closed 3 months ago

khromov commented 3 months ago

Package

lucia

Describe the bug

I have a Lucia setup with a very long expiration (9999 w). Basically I don't want the sessions to expire at all.

export const lucia = new Lucia(adapter, {
    sessionExpiresIn: new TimeSpan(9999, "w"),
});

When using createSessionCookie I would expect the cookie expiration to match the TimeSpan.

    const session = await lucia.createSession(1, {});
    const sessionCookie = lucia.createSessionCookie(session.id);

However, the Expires seems to be set about 1 year in the future:

auth_session brsyk5ll3664nwez4cvi4ycira2h727hsjya65oj localhost / 2025-07-23T21:32:06.292Z
pilcrowOnPaper commented 3 months ago

This is a browser behavior, not a bug with our code. Browsers have a limit on cookie expirations, usually around 1-2 years