Added cookieExpires for domain cookies to standardize session expirat…

…ion (#19)
rorylshanks · Mar 15, 2024 · 8c93acb · 8c93acb
1 parent 3acb003
commit 8c93acb
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/lib/sso.js b/lib/sso.js
@@ -141,6 +141,10 @@ async function setSessionCookie(req, res) {
 
             req.session.loggedin = true
             req.session.userId = decoded.userId;
+
+            // This sets the cookie for the accessed domain to expire at the same time as the "main" veriflow cookie, to 
+            // prevent a user from being deauthenticated from Veriflow, but still authenticated on the subdomains. 
+            req.session.cookie.expires = decoded.cookieExpires
 
             var redirectProtocol = decoded.protocol
             var redirectHost = decoded.host
@@ -198,7 +202,8 @@ async function redirectToSsoProvider(req, res) {
                 host: redirectToken.host,
                 path: redirectToken.path,
                 query: redirectToken.query,
-                userId: req.session.userId
+                userId: req.session.userId,
+                cookieExpires: req.session.cookie.expires
             }
             var signedJwt = await createJWT(jwtPayload)