From 4aeed3dd7454d9a97c5b6689b29fb0a335b0d9da Mon Sep 17 00:00:00 2001
From: Jacob Sommer
Date: Sun, 10 Dec 2023 14:27:11 -0800
Subject: [PATCH] Increase session cookie max age (#384)

* Increase session length to 30 days
* fix: set session length on user cookie
---
 api/src/app.ts | 4 +++-
 api/src/config/constants.ts | 1 +
 api/src/controllers/users.ts | 5 ++++-
 3 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 api/src/config/constants.ts

diff --git a/api/src/app.ts b/api/src/app.ts
index 6e42ce8c..f8995f85 100644
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -28,6 +28,8 @@ import graphqlRouter from './controllers/graphql';
 import roadmapRouter from './controllers/roadmap';
 import reportsRouter from './controllers/reports';
+import { SESSION_LENGTH } from './config/constants';
+
 // instantiate app
 const app = express();
@@ -49,7 +51,7 @@ if (process.env.MONGO_URL) {
 secret: process.env.SESSION_SECRET,
 resave: false,
 saveUninitialized: false,
- cookie: { maxAge: 1000 * 60 * 60 * 24 },
+ cookie: { maxAge: SESSION_LENGTH },
 store: store,
 }));
 app.use(passport.initialize());
diff --git a/api/src/config/constants.ts b/api/src/config/constants.ts
new file mode 100644
index 00000000..b599b195
--- /dev/null
+++ b/api/src/config/constants.ts
@@ -0,0 +1 @@
+export const SESSION_LENGTH = 30 * 86400 * 1000;
\ No newline at end of file
diff --git a/api/src/controllers/users.ts b/api/src/controllers/users.ts
index f7f5d0e8..7e32d333 100644
--- a/api/src/controllers/users.ts
+++ b/api/src/controllers/users.ts
@@ -4,6 +4,7 @@ import express, { Request, Response } from 'express';
 import passport from 'passport';
+import { SESSION_LENGTH } from '../config/constants';
 let router = express.Router();
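Review bot: In api/src/app.ts the session `cookie` object still sets only `maxAge`, so with the lifetime raised from one day to thirty a captured session id stays usable for up to a month, and nothing visible in this hunk sets `secure` or `sameSite` (express-session leaves `secure` off and `sameSite` unset by default). Consider `cookie: { maxAge: SESSION_LENGTH, sameSite: 'lax', secure: process.env.NODE_ENV === 'production' },`; behind a TLS-terminating proxy `secure` also needs `app.set('trust proxy', 1)`, which may or may not be configured elsewhere. The session options block begins and ends outside the hunk, so this may already be handled in code not shown. With the longer window, destroying the server-side session on logout matters more than it did with a one-day cookie.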
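Review bot: `SESSION_LENGTH` in api/src/config/constants.ts carries no unit or comment, yet it is passed as `maxAge` to both the session cookie and the `user` cookie, where the value is interpreted as milliseconds. A doc comment such as `/** Lifetime of the session and user cookies, in milliseconds (30 days). */` would make that explicit, or the name could carry the unit (`SESSION_LENGTH_MS`). Because one constant now controls how long two different credentials live, the comment should name both consumers so a later change is made deliberately.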
@@ -158,7 +159,9 @@ router.get('/auth/github/callback',
 function successLogin(req: Request, res: Response) {
 console.log('Logged in', req.user);
 // set the user cookie
- res.cookie('user', req.user);
+ res.cookie('user', req.user, {
+ maxAge: SESSION_LENGTH
+ });
 // redirect browser to the page they came from
 let returnTo = req.session.returnTo ?? '/';
 delete req.session.returnTo;
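Review bot: The `user` cookie set in `successLogin` used to be a browser-session cookie and now persists for 30 days, but the new options object adds only `maxAge`. Express serialises the whole `req.user` object into it with no `httpOnly`, `secure` or `sameSite`, so whatever fields the passport user carries (not visible here) sit readable by page scripts on disk for a month. If the front end needs to read it, keep it script-readable but narrow the payload to the display fields and add the transport flags, e.g. `res.cookie('user', publicUser, { maxAge: SESSION_LENGTH, sameSite: 'lax', secure: process.env.NODE_ENV === 'production' });` where `publicUser` is a constructed subset. The cookie is unsigned, so nothing server-side should treat its contents as proof of identity. `successLogin` continues past the end of the hunk.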