fix: prevent users from being logged out when browser session ends

Koosha-Owji · Koosha-Owji · commit 179f6ae453ed · 2025-07-24T18:07:18.000+10:00
diff --git a/src/lib/hooks/sessionHooks.ts b/src/lib/hooks/sessionHooks.ts
@@ -1,6 +1,8 @@
 import type { EventHandler } from "$lib/types/handler.js";
 
 export async function sessionHooks({ event }: { event: EventHandler }) {
+  const TWENTY_NINE_DAYS = 29 * 24 * 60 * 60; // 29 days in seconds
+
   event.request.setSessionItem = async (
     itemKey: string,
     itemValue: unknown,
@@ -16,6 +18,7 @@ export async function sessionHooks({ event }: { event: EventHandler }) {
         secure: process.env.NODE_ENV === "production",
         sameSite: "lax",
         httpOnly: true,
+        maxAge: TWENTY_NINE_DAYS,
       },
     );
   };
diff --git a/src/tests/hooks.spec.ts b/src/tests/hooks.spec.ts
@@ -154,4 +154,35 @@ describe("sessionHooks", () => {
     expect(retrievedValue1).toBeUndefined();
     expect(retrievedValue2).toBeUndefined();
   });
+
+  it("should set cookies with 29-day expiry", async () => {
+    // Arrange
+    const TWENTY_NINE_DAYS = 29 * 24 * 60 * 60; // 29 days in seconds
+    const event = {
+      request: {},
+      cookies: {
+        set: vi.fn(),
+        get: vi.fn(),
+      },
+    };
+
+    await sessionHooks({ event });
+
+    // Act
+    await event.request.setSessionItem("testKey", "testValue");
+
+    // Assert
+    expect(event.cookies.set).toHaveBeenCalledWith(
+      "kinde_testKey",
+      "testValue",
+      expect.objectContaining({
+        maxAge: TWENTY_NINE_DAYS,
+        domain: process.env.KINDE_COOKIE_DOMAIN,
+        path: "/",
+        secure: process.env.NODE_ENV === "production",
+        sameSite: "lax",
+        httpOnly: true,
+      }),
+    );
+  });
 });
