@@ -23,6 +23,7 @@ import setCookie from "set-cookie-parser"
2323import cookieParser from "cookie-parser"
2424import { logoutCookie } from "@app/auth"
2525import { checkedToPhoneNumber } from "@domain/users"
26+ import libCookie from "cookie"
2627
2728const authRouter = express . Router ( { caseSensitive : true } )
2829
@@ -170,21 +171,37 @@ authRouter.post(
170171 . status ( 500 )
171172 . send ( { error : "Missing csrf or ory_kratos_session cookie" } )
172173 }
174+ const kratosCookieStr = libCookie . serialize (
175+ kratosSessionCookie . name ,
176+ kratosSessionCookie . value ,
177+ {
178+ expires : kratosSessionCookie . expires ,
179+ maxAge : kratosSessionCookie . maxAge ,
180+ sameSite : "none" ,
181+ secure : kratosSessionCookie . secure ,
182+ httpOnly : kratosSessionCookie . httpOnly ,
183+ path : kratosSessionCookie . path ,
184+ } ,
185+ )
186+ const session = await kratosPublic . toSession ( { cookie : kratosCookieStr } )
187+ const thirtyDaysFromNow = new Date ( new Date ( ) . setDate ( new Date ( ) . getDate ( ) + 30 ) )
188+ const expiresAt = session . data . expires_at
189+ ? new Date ( session . data . expires_at )
190+ : thirtyDaysFromNow
191+ const maxAge = expiresAt . getTime ( ) - new Date ( ) . getTime ( )
173192 res . cookie ( kratosSessionCookie . name , kratosSessionCookie . value , {
174- maxAge : kratosSessionCookie . maxAge ,
193+ maxAge,
175194 sameSite : "none" ,
176195 secure : kratosSessionCookie . secure ,
177196 httpOnly : kratosSessionCookie . httpOnly ,
178197 path : kratosSessionCookie . path ,
179- expires : kratosSessionCookie . expires ,
180198 } )
181199 res . cookie ( csrfCookie . name , csrfCookie . value , {
182- maxAge : csrfCookie . maxAge ,
200+ maxAge,
183201 sameSite : "none" ,
184202 secure : csrfCookie . secure ,
185203 httpOnly : csrfCookie . httpOnly ,
186204 path : csrfCookie . path ,
187- expires : csrfCookie . expires ,
188205 } )
189206 } catch ( err ) {
190207 recordExceptionInCurrentSpan ( { error : err } )
0 commit comments