From 7d6a4243c1671bb0a978b32a4a5862f5f9d71da7 Mon Sep 17 00:00:00 2001
From: Kioubit <kioubit@localhost.localdomain>
Date: Tue, 30 Apr 2024 01:21:23 +0300
Subject: [PATCH] Make cookie duration dependent on configuration This ensures
 that session cookies are not expiring before the session is cleaned up from
 the database as per CLEANUP_REMOVE_SESSIONS_DAYS. As of now the usefulness of
 this configuration option is diminished as extending it has no effect on the
 actual browser session due to the cookie expiry. Fixes: #2214

---
 internal/http/cookie/cookie.go | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/internal/http/cookie/cookie.go b/internal/http/cookie/cookie.go
index 1d6a0fb0..94380274 100644
--- a/internal/http/cookie/cookie.go
+++ b/internal/http/cookie/cookie.go
@@ -6,15 +6,14 @@ package cookie // import "miniflux.app/v2/internal/http/cookie"
 import (
 	"net/http"
 	"time"
+
+	"miniflux.app/v2/internal/config"
 )
 
 // Cookie names.
 const (
 	CookieAppSessionID  = "MinifluxAppSessionID"
 	CookieUserSessionID = "MinifluxUserSessionID"
-
-	// Cookie duration in days.
-	cookieDuration = 30
 )
 
 // New creates a new cookie.
@@ -25,7 +24,7 @@ func New(name, value string, isHTTPS bool, path string) *http.Cookie {
 		Path:     basePath(path),
 		Secure:   isHTTPS,
 		HttpOnly: true,
-		Expires:  time.Now().Add(cookieDuration * 24 * time.Hour),
+		Expires:  time.Now().Add(time.Duration(config.Opts.CleanupRemoveSessionsDays()) * 24 * time.Hour),
 		SameSite: http.SameSiteLaxMode,
 	}
 }