sidebase / nuxt-auth

Authentication built for Nuxt 3! Easily add authentication via OAuth providers, credentials or Email Magic URLs!
https://auth.sidebase.io
MIT License

Refresh of tokens is not triggered on local schema browser close #947

Open florjanklancar-kaldi opened 4 days ago

florjanklancar-kaldi commented 4 days ago

Environment

Reproduction

Nuxt config:

  auth: {
    baseURL: `${process.env.API_BASE_URL}/auth/`,
    provider: {
      type: "local",
      endpoints: {
        signIn: { path: "login", method: "post" },
        getSession: { path: "current", method: "get" },
        signOut: false,
      },
      pages: {
        login: "/login",
      },
      token: {
        maxAgeInSeconds: +process.env.JWT_SECRET_EXPIRATION_IN_SECONDS!,
        signInResponseTokenPointer: "/access_token",
      },
      refresh: {
        isEnabled: true,
        endpoint: { path: "refresh", method: "post" },
        refreshOnlyToken: false,
        token: {
          signInResponseRefreshTokenPointer: "/refresh_token",
          refreshRequestTokenPointer: "/refresh_token",
          maxAgeInSeconds: +process.env.JWT_SECRET_EXPIRATION_IN_SECONDS!,
        },
      },
      session: {
        dataType: {
          firstName: "string",
          lastName: "string",
          sub: "string",
          userId: "string",
          isTwoFactorAuthorized: "boolean",
          isTwoFactorEnable: "boolean",
          isTwoFactorOptIn: "boolean",
          location: `{amlDataAccess: boolean,
            locationId: string,
            locationName: string,
            locationNameId: string,
            locationToPartnerId:string,
            partnerType: string}[]`,
          roles: `{ name: string, companyId: string}[]`,
        },
      },
    },
    sessionRefresh: {
      enableOnWindowFocus: true,
      enablePeriodically: +process.env.JWT_EXPIRATION_IN_S! * 1000,
    },
    globalAppMiddleware: {
      isEnabled: true,
      allow404WithoutAuth: true,
    },
  },

Describe the bug

When setting the access token max age, I use the same expiration value (in seconds) as the refresh_token. Initially, the token appears to have the correct expiry date in the browser's cookie storage. However, once the access token expires (10 minutes in my case), it is removed from the cookies.

If I close the browser and return after more than 10 minutes, I am automatically signed out and redirected to the login screen. I would expect the library to call the refresh token endpoint to obtain a new session instead of requiring users to sign in again, especially when a valid refresh_token is still available in the cookies.

Also, the access token is removed from cookie storage even when its expiry date was set to the same value as the refresh token, which is 5 days in my example.

Additional context

No response

Logs

No response
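The behaviour the report expects on browser restart, written out as an added example that is not sidebase/nuxt-auth code: when the stored access token has expired but a live refresh token is still present, post that refresh token to the refresh endpoint (body shaped by `refreshRequestTokenPointer`), pull the new tokens out of the response with the `signInResponse*Pointer` JSON pointers, and only fall back to a sign-out when no usable refresh token exists or the server rejects it. The function names (`restoreSession`, `jsonPointerGet`, `buildRefreshBody`), the stored-token shape with absolute expiry timestamps, the injected `transport` in place of a real HTTP call, the assumption that the refresh response uses the same pointers as the sign-in response, and the sample tokens are all constructed for this example.

```javascript
// Added example, not part of the issue or of nuxt-auth: a minimal "restore
// session on startup" routine that prefers refreshing over signing out.
// All names, the token-store shape and the fake backend below are assumptions.

const JWT_TTL_SECONDS = 600;           // access token lifetime (10 minutes, as in the report)
const REFRESH_TTL_SECONDS = 5 * 86400; // refresh token lifetime (5 days, as in the report)

// Resolve an RFC 6901 JSON pointer such as "/access_token" against a parsed body.
function jsonPointerGet(obj, pointer) {
  if (pointer === "") return obj;
  if (!pointer.startsWith("/")) throw new Error(`bad JSON pointer: ${pointer}`);
  return pointer
    .slice(1)
    .split("/")
    .map((p) => p.replace(/~1/g, "/").replace(/~0/g, "~"))
    .reduce((cur, key) => (cur == null ? undefined : cur[key]), obj);
}

// Build a request body whose shape matches refreshRequestTokenPointer
// ("/refresh_token" in the config above -> { refresh_token: "<token>" }).
function buildRefreshBody(pointer, refreshToken) {
  const keys = pointer.slice(1).split("/");
  const body = {};
  let cur = body;
  keys.forEach((k, i) => {
    cur[k] = i === keys.length - 1 ? refreshToken : {};
    cur = cur[k];
  });
  return body;
}

// A stored token is usable only if it has a value and has not passed its expiry.
function isLive(entry, nowSeconds) {
  return Boolean(entry && entry.value && entry.expiresAt > nowSeconds);
}

// Decide what to do with whatever survived in cookies when the app starts.
// `transport` stands in for the HTTP call to the refresh endpoint; it is
// injected so the logic runs offline. It returns the parsed JSON the backend
// would send, or throws on an HTTP error (e.g. a revoked refresh token).
function restoreSession(stored, nowSeconds, transport, cfg) {
  if (isLive(stored.access, nowSeconds)) {
    return { action: "reuse", access: stored.access, refresh: stored.refresh };
  }
  if (!isLive(stored.refresh, nowSeconds)) {
    // Neither token is usable: a fresh sign-in is the only safe outcome.
    return { action: "signOut", reason: "refresh token missing or expired" };
  }
  const body = buildRefreshBody(cfg.refreshRequestTokenPointer, stored.refresh.value);
  let resp;
  try {
    resp = transport({ method: "POST", path: cfg.refreshPath, body });
  } catch (e) {
    // The server rejected the token: do not keep stale credentials around.
    return { action: "signOut", reason: `refresh failed: ${e.message}` };
  }
  const access = jsonPointerGet(resp, cfg.signInResponseTokenPointer);
  const refresh = jsonPointerGet(resp, cfg.signInResponseRefreshTokenPointer);
  if (typeof access !== "string") {
    return { action: "signOut", reason: "refresh response carried no access token" };
  }
  return {
    action: "refreshed",
    access: { value: access, expiresAt: nowSeconds + JWT_TTL_SECONDS },
    // With refreshOnlyToken: false the server may rotate the refresh token too;
    // keep the old one only if the response did not carry a new one.
    refresh: typeof refresh === "string"
      ? { value: refresh, expiresAt: nowSeconds + REFRESH_TTL_SECONDS }
      : stored.refresh,
  };
}

// Constructed sample: the pointers from the reported config, an access token
// that expired 20 minutes ago and a refresh token with four days left.
const SAMPLE_CONFIG = {
  refreshPath: "refresh",
  refreshRequestTokenPointer: "/refresh_token",
  signInResponseTokenPointer: "/access_token",
  signInResponseRefreshTokenPointer: "/refresh_token",
};
const SAMPLE_NOW = 1700000000;
const SAMPLE_STORED = {
  access: { value: "old-access", expiresAt: SAMPLE_NOW - 1200 },
  refresh: { value: "refresh-abc", expiresAt: SAMPLE_NOW + 4 * 86400 },
};

// Fake backend: accepts exactly one refresh token and rotates both tokens.
function fakeBackend(req) {
  if (req.path !== "refresh" || req.body.refresh_token !== "refresh-abc") {
    throw new Error("401 Unauthorized");
  }
  return { access_token: "new-access", refresh_token: "refresh-def" };
}

function runSample() {
  return restoreSession(SAMPLE_STORED, SAMPLE_NOW, fakeBackend, SAMPLE_CONFIG);
}

console.log(runSample());
```

In a real app `transport` is the `$fetch` call to `${baseURL}refresh`; the point of keeping it injectable is that the three outcomes (reuse, refresh, sign-out) can be unit-tested without a server. Note that a client can only honour the refresh token's lifetime it was told about; whether the token is still accepted is decided server-side, which is why a rejected refresh must end in a sign-out rather than a retry loop.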