Closed Skeeve closed 3 years ago
After reading https://mrcoles.com/blog/cookies-max-age-vs-expires/
and checking that session keys do not have a max-age, I think this needs to be added
my %maxAge = {}; $maxAge{'max-age'} = $expiration if $expiration;
after this line: https://github.com/mojolicious/mojo/blob/103b2214cd176c2987ff75e4e8e05492509e3403/lib/Mojolicious/Sessions.pm#L49
and this: https://github.com/mojolicious/mojo/blob/103b2214cd176c2987ff75e4e8e05492509e3403/lib/Mojolicious/Sessions.pm#L53
should become:
my $options = { domain => $self->cookie_domain, expires => $session->{expires}, httponly => 1, path => $self->cookie_path, samesite => $self->samesite, secure => $self->secure, %$maxAge };
You're saying we "need" to make changes, but give no reasons for why. I'm afraid this issue will go nowhere.
I don't care. I thought it would be better to have max-age.
After reading https://mrcoles.com/blog/cookies-max-age-vs-expires/
and checking that session keys do not have a max-age, I think this needs to be added
after this line: https://github.com/mojolicious/mojo/blob/103b2214cd176c2987ff75e4e8e05492509e3403/lib/Mojolicious/Sessions.pm#L49
and this: https://github.com/mojolicious/mojo/blob/103b2214cd176c2987ff75e4e8e05492509e3403/lib/Mojolicious/Sessions.pm#L53
should become: