fix auth cookie expiration datetime

1 files changed, 8 insertions, 7 deletions

diff --git a/pages/auth.fnl b/pages/auth.fnl
index fc35be0..9cb7a66 100644
--- a/pages/auth.fnl
+++ b/pages/auth.fnl
@@ -20,15 +20,13 @@
     [:h2 {} "Войти"]
     (forms.render-form auth-form data errors)])])
 
-(fn create-session [db user]
+(fn create-session [db user expires-at]
   (local id (_G.must (luna.crypto.random-string 64)))
-  (local next-week (os.date "%Y-%m-%d %H:%M:%S"
-                            (+ (os.time) (* 60 60 24 7))))
   (_G.must
     (luna.db.exec
       db "INSERT INTO auth_sessions (id, user, creation_time, expires_at)
           VALUES (?, ?, ?, ?)"
-      [id user (lib.now) next-week]))
+      [id user (lib.now) expires-at]))
 
   id)
 
@@ -57,10 +55,13 @@
                      {:password "Пользователя с таким именем и паролем не существует."}
                      nil)]
         (if correct-creds?
-          (do
-            (local session-id (create-session db name))
+          (let [next-week (+ (os.time) (* 60 60 24 7))
+                session-id (create-session
+                             db name (os.date "%Y-%m-%d %H:%M:%S" next-week))
+                cookie-expires (os.date "%a, %d %b %Y %H:%M:%S GMT" next-week)]
             (values 302 {:Location "/shop"
-                         :Set-Cookie (.. "auth= " session-id "; HttpOnly; SameSite=strict"
+                         :Set-Cookie (.. "auth= " session-id "; HttpOnly; SameSite=strict;"
+                                         "Expires=" cookie-expires
                                          (if luna.debug? "" "; Secure"))} ""))
           (values 200 {} (templates.base (content request.form errors)))))
       (values 200 {} (templates.base (content {} {}))))))