Merge pull request #84 from Koosha-Owji/main

DanielRivers · web-flow · commit bf77bf9c80be · 2025-07-24T09:56:31.000+01:00
fix: prevent users from being logged out when browser session ends
diff --git a/src/lib/hooks/sessionHooks.ts b/src/lib/hooks/sessionHooks.ts
@@ -16,6 +16,7 @@ export async function sessionHooks({ event }: { event: EventHandler }) {
         secure: process.env.NODE_ENV === "production",
         sameSite: "lax",
         httpOnly: true,
+        maxAge: 29 * 24 * 60 * 60,
       },
     );
   };
diff --git a/src/tests/hooks.spec.ts b/src/tests/hooks.spec.ts
@@ -154,4 +154,34 @@ describe("sessionHooks", () => {
     expect(retrievedValue1).toBeUndefined();
     expect(retrievedValue2).toBeUndefined();
   });
+
+  it("should set cookies with 29-day expiry", async () => {
+    // Arrange
+    const event = {
+      request: {},
+      cookies: {
+        set: vi.fn(),
+        get: vi.fn(),
+      },
+    };
+
+    await sessionHooks({ event });
+
+    // Act
+    await event.request.setSessionItem("testKey", "testValue");
+
+    // Assert
+    expect(event.cookies.set).toHaveBeenCalledWith(
+      "kinde_testKey",
+      "testValue",
+      expect.objectContaining({
+        maxAge: 29 * 24 * 60 * 60,
+        domain: process.env.KINDE_COOKIE_DOMAIN,
+        path: "/",
+        secure: process.env.NODE_ENV === "production",
+        sameSite: "lax",
+        httpOnly: true,
+      }),
+    );
+  });
 });
