Invalid expiry when maxAge is set and touchAfter is disabled

Question

tlo-johnson opened this issue 4 years ago · 3 comments

Setting cookie.maxAge and disabling touchAfter results in incorrect session expiry date.

Looks like it boils down to this line of code where maxAge should be added to the expiry.

Answer 1 · 2020-11-25T00:04:31.000Z

Thanks for pointing out, this is definitely a bug (a big one) and will be fixed in #283.

Answer 2 · 2020-11-25T04:22:12.000Z

Fix released in 3.4.0

Answer 3 · 2020-11-25T09:04:18.000Z

brilliant!! thx