Make cookie duration dependent on configuration

This ensures that session cookies are not expiring before the session is cleaned up from the database as per CLEANUP_REMOVE_SESSIONS_DAYS. As of now the usefulness of this configuration option is diminished as extending it has no effect on the actual browser session due to the cookie expiry. Fixes: #2214
miniflux · Apr 29, 2024 · 0c4eeea · 0c4eeea
1 parent 4d3ee0d
commit 0c4eeea
Showing 1 changed file with 2 additions and 4 deletions.
diff --git a/internal/http/cookie/cookie.go b/internal/http/cookie/cookie.go
@@ -4,6 +4,7 @@
 package cookie // import "miniflux.app/v2/internal/http/cookie"
 
 import (
+ "miniflux.app/v2/internal/config"
  "net/http"
  "time"
 )
@@ -12,9 +13,6 @@ import (
 const (
  CookieAppSessionID = "MinifluxAppSessionID"
  CookieUserSessionID = "MinifluxUserSessionID"
-
- // Cookie duration in days.
- cookieDuration = 30
 )
 
 // New creates a new cookie.
@@ -25,7 +23,7 @@ func New(name, value string, isHTTPS bool, path string) *http.Cookie {
  Path: basePath(path),
  Secure: isHTTPS,
  HttpOnly: true,
- Expires: time.Now().Add(cookieDuration * 24 * time.Hour),
+ Expires: time.Now().Add(time.Duration(config.Opts.CleanupRemoveSessionsDays()) * 24 * time.Hour),
  SameSite: http.SameSiteLaxMode,
  }
 }