From 7d6a4243c1671bb0a978b32a4a5862f5f9d71da7 Mon Sep 17 00:00:00 2001 From: Kioubit Date: Tue, 30 Apr 2024 01:21:23 +0300 Subject: [PATCH] Make cookie duration dependent on configuration This ensures that session cookies are not expiring before the session is cleaned up from the database as per CLEANUP_REMOVE_SESSIONS_DAYS. As of now the usefulness of this configuration option is diminished as extending it has no effect on the actual browser session due to the cookie expiry. Fixes: #2214 --- internal/http/cookie/cookie.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/internal/http/cookie/cookie.go b/internal/http/cookie/cookie.go index 1d6a0fb0..94380274 100644 --- a/internal/http/cookie/cookie.go +++ b/internal/http/cookie/cookie.go @@ -6,15 +6,14 @@ package cookie // import "miniflux.app/v2/internal/http/cookie" import ( "net/http" "time" + + "miniflux.app/v2/internal/config" ) // Cookie names. const ( CookieAppSessionID = "MinifluxAppSessionID" CookieUserSessionID = "MinifluxUserSessionID" - - // Cookie duration in days. - cookieDuration = 30 ) // New creates a new cookie. @@ -25,7 +24,7 @@ func New(name, value string, isHTTPS bool, path string) *http.Cookie { Path: basePath(path), Secure: isHTTPS, HttpOnly: true, - Expires: time.Now().Add(cookieDuration * 24 * time.Hour), + Expires: time.Now().Add(time.Duration(config.Opts.CleanupRemoveSessionsDays()) * 24 * time.Hour), SameSite: http.SameSiteLaxMode, } }