Make cookie duration dependent on configuration

This ensures that session cookies are not expiring before the session is cleaned up from the database as per CLEANUP_REMOVE_SESSIONS_DAYS. As of now the usefulness of this configuration option is diminished as extending it has no effect on the actual browser session due to the cookie expiry. Fixes: #2214
2024-04-30 01:21:23 +03:00 · 2024-04-30 01:21:23 +03:00 · 7d6a4243c1
parent d056aa1f73
commit 7d6a4243c1
1 changed files with 3 additions and 4 deletions
--- a/internal/http/cookie/cookie.go
+++ b/internal/http/cookie/cookie.go
@ -6,15 +6,14 @@ package cookie // import "miniflux.app/v2/internal/http/cookie"
 import (
 	"net/http"
 	"time"
+
+	"miniflux.app/v2/internal/config"
 )

 // Cookie names.
 const (
 	CookieAppSessionID  = "MinifluxAppSessionID"
 	CookieUserSessionID = "MinifluxUserSessionID"
-
-	// Cookie duration in days.
-	cookieDuration = 30
 )

 // New creates a new cookie.
@ -25,7 +24,7 @@ func New(name, value string, isHTTPS bool, path string) *http.Cookie {
 		Path:     basePath(path),
 		Secure:   isHTTPS,
 		HttpOnly: true,
-		Expires:  time.Now().Add(cookieDuration * 24 * time.Hour),
+		Expires:  time.Now().Add(time.Duration(config.Opts.CleanupRemoveSessionsDays()) * 24 * time.Hour),
 		SameSite: http.SameSiteLaxMode,
 	}
 }