fix: add sessionBased option to setCustomCookie

yaroslav8765 · yaroslav8765 · commit 62d130e2b737 · 2026-02-19T15:14:13.000+02:00
https://web.tracklify.com/project/2b7ZVgE5/AdminForth/1138/p0NJvBx3/research-whether-we-should-set
diff --git a/adminforth/auth.ts b/adminforth/auth.ts
@@ -106,9 +106,9 @@ getClientIp(headers: object) {
   }
 
   setCustomCookie({ response, payload }: {
-    response: any, payload: { name: string, value: string, expiry?: number | undefined, expirySeconds: number | undefined, httpOnly: boolean }
+    response: any, payload: { name: string, value: string, expiry?: number | undefined, expirySeconds: number | undefined, httpOnly: boolean, sessionBased?: boolean | undefined }
   }) {
-    const {name, value, expiry, httpOnly, expirySeconds } = payload;
+    const {name, value, expiry, httpOnly, expirySeconds, sessionBased } = payload;
 
     let expiryMs = 24 * 60 * 60 * 1000; // default 1 day
     if (expirySeconds !== undefined) {
@@ -117,11 +117,14 @@ getClientIp(headers: object) {
       afLogger.warn(`setCustomCookie: expiry(in ms) is deprecated, use expirySeconds instead (seconds), traceback: ${new Error().stack}`);
       expiryMs = expiry;
     }
-
     const brandSlug = this.adminforth.config.customization.brandNameSlug;
-    response.setHeader('Set-Cookie', `adminforth_${brandSlug}_${name}=${value}; Path=${this.adminforth.config.baseUrl || '/'};${
-      httpOnly ? ' HttpOnly;' : ''
-    } SameSite=Strict; Expires=${new Date(Date.now() + expiryMs).toUTCString() } `);
+    response.setHeader('Set-Cookie', 
+      `adminforth_${brandSlug}_${name}=${value}; Path=${this.adminforth.config.baseUrl || '/'};${
+        httpOnly ? ' HttpOnly;' : '' 
+      }SameSite=Strict;${
+        sessionBased ? '' : `Expires=${new Date(Date.now() + expiryMs).toUTCString() }`
+      }`
+    );
   }
 
   getCustomCookie({ cookies, name }: {
