Are Session Cookies possible with next auth?

[paulschuetz]

We have two different user roles: "GUEST" and "PROFILE".
For guest users we want the session to always expire after they closed the browser window. Thus we would like to set the next auch session token without an expiry (which makes it a session cookie) inside the users browser. However, for profile users we would like to have an expiry of 24 hours. Is it possible to set the session tokens maxAge dynamically per user/signIn?

[Icegreeen]

you can use the callbacks function within the NextAuth configuration, specifically the session or jwt callback:

providers: [
    // Configuration of providers (e.g., Google, GitHub, Credentials, etc.)
  ],
  callbacks: {
    async jwt({ token, user }) {
      if (user) {
        if (user.type === 'GUEST') {
          // Set maxAge to 0 so that the cookie expires when the browser window is closed
          token.maxAge = 0; 
        } else if (user.type === 'PROFILE') {
          token.maxAge = 24 * 60 * 60; -> // Set maxAge to 24 hours
        }
      }
      return token;
    },
    async session({ session, token }) {
      // Pass the token's maxAge to the session
      session.maxAge = token.maxAge;
      return session;
    },
  },

@paulschuetz