- Reduce SESSION_MAX_DURATION from 365 days to 15 days
- Add SESSION_RENEWAL_THRESHOLD (7 days): sessions are only extended when fewer than 7 days remain, instead of refreshing on every request
- Align cookie MaxAge with SESSION_MAX_DURATION (derived from the constant)
- Enforce expiry in load(): expired sessions are deleted on first use and the caller receives an error, preventing Bearer-token replay of stale sessions that the securecookie age check would not catch

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

sessions.go
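
The session lifecycle described in the commit message above, sketched as an added example; this is not the code in sessions.go. The `Store` type, the error values, `CookieMaxAge` and the `Load` signature are hypothetical, and the sample tokens and dates are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Durations as stated in the commit message.
const (
	SESSION_MAX_DURATION      = 15 * 24 * time.Hour
	SESSION_RENEWAL_THRESHOLD = 7 * 24 * time.Hour
)

var ErrSessionExpired = errors.New("session expired")
var ErrNoSession = errors.New("no such session")

// Store is a hypothetical in-memory store: token -> server-side expiry.
type Store struct{ expiry map[string]time.Time }

// CookieMaxAge derives the cookie lifetime (seconds) from the same constant.
func CookieMaxAge() int { return int(SESSION_MAX_DURATION / time.Second) }

// Load checks expiry on the server, so a token sent as a Bearer header
// (where no cookie age check applies) is rejected once it is stale.
func (s *Store) Load(token string, now time.Time) (renewed bool, err error) {
	exp, ok := s.expiry[token]
	if !ok {
		return false, ErrNoSession
	}
	if !now.Before(exp) {
		delete(s.expiry, token) // expired session is deleted on first use
		return false, ErrSessionExpired
	}
	if exp.Sub(now) < SESSION_RENEWAL_THRESHOLD {
		s.expiry[token] = now.Add(SESSION_MAX_DURATION) // extend only near expiry
		return true, nil
	}
	return false, nil // plenty of lifetime left: no write on this request
}

func main() {
	now := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC) // constructed clock
	s := &Store{expiry: map[string]time.Time{"fresh": now.Add(240 * time.Hour),
		"aging": now.Add(72 * time.Hour), "stale": now.Add(-time.Hour)}}
	for _, tok := range []string{"fresh", "aging", "stale", "stale"} {
		renewed, err := s.Load(tok, now)
		fmt.Println(tok, renewed, err)
	}
}
```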