From e0a2bc11a60d831cda27ca04e20719f48588871f Mon Sep 17 00:00:00 2001
From: Carl Worth <cworth@cworth.org>
Date: Wed, 21 Dec 2022 12:47:27 -0800
Subject: [PATCH] Extend maxAge of cookies to be a full week

The other cookie properties set in this commit are the defaults.

We want a long cookie age so that sessions are as persistent as possible.

The default maxAge is unset, but apparently instead of that meaning
"never expire" it is interpeted by agents as meaning the cookie is
non-peristent (and the agent may delete the cookie on browser close).
---
 index.js | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/index.js b/index.js
index 7083b13..b149d09 100644
--- a/index.js
+++ b/index.js
@@ -75,7 +75,14 @@ const session_middleware =  session(
      secret: process.env.ZOMBOCOM_SESSION_SECRET,
      resave: false,
      saveUninitialized: true,
-     rolling: true
+     rolling: true,
+     // Let each cookie live for a full month
+     cookie: {
+         path: '/',
+         httpOnly: true,
+         secure: false,
+         maxAge: 1000 * 60 * 60 * 24 * 30
+     }
     });
 
 app.use(session_middleware);
-- 
2.43.0