oauthstate cookie expiration
dimalinux opened this issue · 1 comments
dimalinux commented
Thank you for the excellent example! I noticed that the oauthstate cookie is configured for an entire year. If I understand correctly, it's only needed for the time when the user is redirected to Google. Would it make sense to adjust it down to 20 minutes or less?
douglasmakey commented
Hello, @dimalinux, thanks for the suggestion, I put a year just to test but I forgot to change that.