Fix express() middleware cookies (#1217)

lucia-auth · Oct 24, 2023 · 7c6a84a · 7c6a84a
1 parent 00babe3
commit 7c6a84a
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 2 deletions.
diff --git a/.auri/$15w731jp.md b/.auri/$15w731jp.md
@@ -0,0 +1,6 @@
+---
+package: "lucia" # package name
+type: "patch" # "major", "minor", "patch"
+---
+
+Fix `express()` middleware setting incorrect `Max-Age` cookie attribute
diff --git a/documentation/content/guidebook/github-oauth/$express.md b/documentation/content/guidebook/github-oauth/$express.md
@@ -132,7 +132,7 @@ app.get("/login/github", async (req, res) => {
 		httpOnly: true,
 		secure: process.env.NODE_ENV === "production",
 		path: "/",
-		maxAge: 60 * 60
+		maxAge: 60 * 60 * 1000 // 1 hour
 	});
 	return res.status(302).setHeader("Location", url.toString()).end();
 });

diff --git a/packages/lucia/src/middleware/index.ts b/packages/lucia/src/middleware/index.ts
@@ -64,7 +64,11 @@ export const express = (): Middleware<[ExpressRequest, ExpressResponse]> => {
 				headers: createHeadersFromObject(req.headers)
 			},
 			setCookie: (cookie) => {
-				res.cookie(cookie.name, cookie.value, cookie.attributes);
+				const cookieMaxAge = cookie.attributes.maxAge;
+				res.cookie(cookie.name, cookie.value, {
+					...cookie.attributes,
+					maxAge: cookieMaxAge ? cookieMaxAge * 1000 : cookieMaxAge
+				});
 			}
 		} as const satisfies RequestContext;
 		return requestContext;