tomwalder
commented
7 years ago Thanks for the PR!
I agree this should work for now, to keep extending the browser cookie.
However, there is a TODO around line 181 for verifying the persisted session data server-side to ensure session duration.
It's not implemented right now, so would have no effect... but it will become a problem... one day!
Pretty simple change really, every time the session is started this change recalculated the session lifetime and resets the cookie expiry for it to prevent sessions dying randomly.