The cookie is reset everytime something in the session payload
changes. Whenever its reset, the original value of expires is
used.
This is good unless the duration or the creation time change. In
that case, we need to also update the cookie expiry to match the
expiry of the signed payload.
The cookie is reset everytime something in the session payload changes. Whenever its reset, the original value of expires is used.
This is good unless the duration or the creation time change. In that case, we need to also update the cookie expiry to match the expiry of the signed payload.