From c188056f64be268dda8f7c16e23f7ef9c90d014f Mon Sep 17 00:00:00 2001
From: MHSanaei <ho3ein.sanaei@gmail.com>
Date: Mon, 20 Apr 2026 14:00:18 +0200
Subject: Centralize session options and adjust cookies

Configure session cookie options centrally in initRouter and remove per-login MaxAge handling. Deleted SetMaxAge helper and its use in the login flow; session.Options are now applied once using basePath with HttpOnly and SameSite defaults, and MaxAge is set only when the stored setting is available and >0. Also make CookieManager.setCookie treat exdays as optional (only add expires when provided) and stop using a hardcoded 150-day expiry for the lang cookie in the JS language manager.

Co-Authored-By: Alireza Ahmadi <alireza7@gmail.com>
---
 web/assets/js/util/index.js | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

(limited to 'web/assets')

diff --git a/web/assets/js/util/index.js b/web/assets/js/util/index.js
index e69f3341..cc7b9287 100644
--- a/web/assets/js/util/index.js
+++ b/web/assets/js/util/index.js
@@ -651,10 +651,13 @@ class CookieManager {
     }
 
     static setCookie(cname, cvalue, exdays) {
-        const d = new Date();
-        d.setTime(d.getTime() + exdays * 24 * 60 * 60 * 1000);
-        let expires = 'expires=' + d.toUTCString();
-        document.cookie = cname + '=' + encodeURIComponent(cvalue) + ';' + expires + ';path=/';
+        let expires = '';
+        if (exdays) {
+            const d = new Date();
+            d.setTime(d.getTime() + exdays * 24 * 60 * 60 * 1000);
+            expires = 'expires=' + d.toUTCString() + ';';
+        }
+        document.cookie = cname + '=' + encodeURIComponent(cvalue) + ';' + expires + 'path=/';
     }
 }
 
@@ -813,13 +816,13 @@ class LanguageManager {
                 });
 
                 if (LanguageManager.isSupportLanguage(lang)) {
-                    CookieManager.setCookie("lang", lang, 150);
+                    CookieManager.setCookie("lang", lang);
                 } else {
-                    CookieManager.setCookie("lang", "en-US", 150);
+                    CookieManager.setCookie("lang", "en-US");
                     window.location.reload();
                 }
             } else {
-                CookieManager.setCookie("lang", "en-US", 150);
+                CookieManager.setCookie("lang", "en-US");
                 window.location.reload();
             }
         }
@@ -832,7 +835,7 @@ class LanguageManager {
             language = "en-US";
         }
 
-        CookieManager.setCookie("lang", language, 150);
+        CookieManager.setCookie("lang", language);
         window.location.reload();
     }
 
-- 
cgit v1.2.3