From ed65db82c1ef64e197d4f60b55d06b2d0df4c1d0 Mon Sep 17 00:00:00 2001 From: Klaudia Blazyczek Date: Fri, 10 Jul 2026 15:23:37 +0200 Subject: [PATCH] fix(core): respect rememberMe flag for session persistence --- .../pam/identity/service/identity.service.ts | 24 ++++++++++++++++--- packages/core/src/server/auth/auth.ts | 1 - 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/packages/core/src/pam/identity/service/identity.service.ts b/packages/core/src/pam/identity/service/identity.service.ts index 88db951..6445715 100644 --- a/packages/core/src/pam/identity/service/identity.service.ts +++ b/packages/core/src/pam/identity/service/identity.service.ts @@ -76,10 +76,28 @@ function toUser(u: BetterAuthUser) { return u.image !== undefined ? { ...base, image: u.image } : base; } -function forwardCookies(authResponse: globalThis.Response, resHeaders: Headers): void { +function forwardCookies( + authResponse: globalThis.Response, + resHeaders: Headers, + rememberMe?: boolean, +): void { const cookies = authResponse.headers.getSetCookie?.() ?? []; + const REMEMBER_ME_DURATION_SECONDS = 30 * 24 * 60 * 60; // 30 days for (const cookie of cookies) { - resHeaders.append('set-cookie', cookie); + const isSessionCookie = cookie.includes('HttpOnly') && cookie.includes('Path='); + if (isSessionCookie && rememberMe === true) { + const parts = cookie.split('; '); + const baseAndValue = parts[0]; + const attrs = parts.slice(1); + const filteredAttrs = attrs.filter( + (attr) => + !attr.toLowerCase().startsWith('max-age') && !attr.toLowerCase().startsWith('expires'), + ); + filteredAttrs.push(`Max-Age=${REMEMBER_ME_DURATION_SECONDS}`); + resHeaders.append('set-cookie', [baseAndValue, ...filteredAttrs].join('; ')); + } else { + resHeaders.append('set-cookie', cookie); + } } } @@ -320,7 +338,7 @@ export class IdentityService { }); } - forwardCookies(authResponse, resHeaders); + forwardCookies(authResponse, resHeaders, input.rememberMe); const body = (await authResponse.json()) as { user?: BetterAuthUser; token?: string; diff --git a/packages/core/src/server/auth/auth.ts b/packages/core/src/server/auth/auth.ts index c47c69f..88eae0b 100644 --- a/packages/core/src/server/auth/auth.ts +++ b/packages/core/src/server/auth/auth.ts @@ -49,7 +49,6 @@ export function createAuth(options: AuthOptions): BetterAuthType { }, emailAndPassword: { enabled: true, - rememberMeDuration: 30 * 24 * 60 * 60, sendResetPassword: async ({ user, url, token }) => { await sendEmail({ to: user.email,