From d3663772313037d3734b7795f0f8828e625a5e2e Mon Sep 17 00:00:00 2001
From: moson-mo
Date: Thu, 25 May 2023 14:20:38 +0200
Subject: [PATCH] fix: make AURREMEMBER cookie a permanent one
If it's a session cookie it poses issues for users whose browsers wipe session cookies after close. They'd be logged out early even if they chose the "remember me" option when they log in.
Signed-off-by: moson-mo
---
 aurweb/routers/auth.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/aurweb/routers/auth.py b/aurweb/routers/auth.py
index 71547429..98a655e3 100644
--- a/aurweb/routers/auth.py
+++ b/aurweb/routers/auth.py
@@ -70,6 +70,7 @@ async def login_post(
 return await login_template(request, next, errors=["Account Suspended"])
 cookie_timeout = cookies.timeout(remember_me)
+ perma_timeout = aurweb.config.getint("options", "permanent_cookie_timeout")
 sid = _retry_login(request, user, passwd, cookie_timeout)
 if not sid:
 return await login_template(request, next, errors=["Bad username or password."])
@@ -88,6 +89,7 @@ async def login_post(
 response.set_cookie(
 "AURREMEMBER",
 remember_me,
+ max_age=perma_timeout,
 secure=secure,
 httponly=secure,
 samesite=cookies.samesite(),
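Review bot: `perma_timeout` is read from config before `_retry_login` runs and is passed on without any range check, so a missing or non-positive `permanent_cookie_timeout` would show up on every login attempt, including failed ones. The diffstat lists only auth.py, so the key is presumably already defined in the shipped config defaults; that is worth confirming, since how `getint` treats a missing key is not visible here. I would move the read down next to the `set_cookie` call that uses it and add a comment such as `# lifetime in seconds for cookies that must survive a browser restart`. login_post starts and ends outside the hunk.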
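Review bot: `max_age=perma_timeout` is applied to AURREMEMBER whatever the value of `remember_me`, so a user who left the box unticked also receives a long-lived cookie, while the commit message only describes the ticked case. If that is not intended, `max_age=perma_timeout if remember_me else None` keeps the unticked case a session cookie. The cookie now persists on disk and, per the context line `httponly=secure`, is sent without HttpOnly whenever `secure` is false, so the server should treat its value as an untrusted preference flag and never as evidence of a valid session. A comment above the call such as `# preference flag only; session validity is decided by the session cookie` would make that explicit. The `set_cookie` call is closed outside the hunk.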