[GH-ISSUE #73] Add secure flag to set cookies if not in dev mode, so that HTTPS is used. Also set the expirationDate #65

New issue

Closed

opened 2026-03-23 20:31:34 +00:00 by mirror · 0 comments

mirror commented

2026-03-23 20:31:34 +00:00

Owner

Originally created by @pjlammertyn on GitHub (Jul 10, 2023).
Original GitHub issue: https://github.com/RADar-AZDelta/Keun/issues/73

Originally assigned to: @BostoenToby on GitHub.

cookies.set()

see code: github.com/RADar-AZDelta/Keun@23d16af999/src/routes/api/token/+server.ts (L7C13)

import { dev } from '$app/environment'
import { decodeToken } from '$lib/firebaseAdmin.server';

const decodedToken = await decodeToken(token);

cookies.set('token', token, {
  path: '/',
  httpOnly: true,
  secure: !dev,
  expirationDate: decodedIdToken.auth_time 
})

Originally created by @pjlammertyn on GitHub (Jul 10, 2023). Original GitHub issue: https://github.com/RADar-AZDelta/Keun/issues/73 Originally assigned to: @BostoenToby on GitHub. [cookies.set()](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/cookies/set) see code: https://github.com/RADar-AZDelta/Keun/blob/23d16af999b9a13ce395c81223de6edd44543809/src/routes/api/token/%2Bserver.ts#L7C13 ```ts import { dev } from '$app/environment' import { decodeToken } from '$lib/firebaseAdmin.server'; const decodedToken = await decodeToken(token); cookies.set('token', token, { path: '/', httpOnly: true, secure: !dev, expirationDate: decodedIdToken.auth_time }) ```