fix(pitch-deck): align JWT expiry with session lifetime (24h)
All checks were successful
Build pitch-deck / build-push-deploy (push) Successful in 1m10s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-consent (push) Successful in 35s
CI / test-python-voice (push) Successful in 32s
CI / test-bqas (push) Successful in 37s

JWT was set to 1h while the session cookie lived 24h. After 1 hour the
cookie persisted but jwtVerify failed, making /api/auth/me return 401
and the re-click redirect fall through to the already-used token error.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Sharang Parnerkar
2026-04-16 22:09:12 +02:00
parent 6e6525a416
commit d6be61cdcf

@@ -4,8 +4,8 @@ import { cookies } from 'next/headers'
import pool from './db'
const COOKIE_NAME = 'pitch_session'
const JWT_EXPIRY = '1h'
const SESSION_EXPIRY_HOURS = 24
const JWT_EXPIRY = `${SESSION_EXPIRY_HOURS}h`
function getJwtSecret() {
const secret = process.env.PITCH_JWT_SECRET
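
Review bot: The cookie lifetime is not visibly tied to the new SESSION_EXPIRY_HOURS constant in this hunk, so the mismatch described in the commit message can come back if the pitch_session cookie's max age is still set from a separate literal elsewhere in the file. Compute the cookie's max age from the same constant (for example SESSION_EXPIRY_HOURS * 60 * 60 seconds) and add a one-line comment above `const SESSION_EXPIRY_HOURS = 24` stating that both the JWT and the cookie derive from it. Separately, moving JWT_EXPIRY from '1h' to 24h lengthens the period a leaked token stays valid; since this module already imports pool from './db', consider checking a server-side session record during verification so that logout or revocation takes effect before the token expires.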