73 backend remember me #90

Merged
merged 6 commits into from
Apr 1, 2025
ManuP6789
Collaborator

Description

Added remember me functionality for login. I decided not to use the cookies library since it would have required us to create our own cookie, handle the remember me sessions ourselves, and log out the user after the set time period. I think it was better to use the JWT token from nextauth (which we already use). I had to modify the maxAge setting, which handles how long until an idle session expires and is no longer valid. Since you cannot directly change the maxAge on every reload of the session in options.ts, I had to dynamically pass in a dynamicMaxAge from router.ts to options.ts. It compares the current time with the expiration time (30 days or 1 day) to check how long the MaxAge has until it expires the session.

  • By doing this we ensure that we do not make mistakes in our own cookie implementation.
  • It follows secure standard practices that nextAuth already has with JWT tokens.
  • It ensures consistency between the session.expires, maxAge, and token.exp. (It can be retrieved from anywhere in the page to see how long the session is going to last, if needed)

Issues

#73

Screenshots

N/A

Test

In order to test, I left console.logs that are useful for testing the session expiration times and that every value that holds the expiration date or expiration time is consistent in the JWT token, session, and nextAuth options.ts maxAge.

  1. In options.ts, line 85: change `token.expiresIn = token.rememberMe ? 30 * 24 * 60 * 60 : 24 * 60 * 60;` to `token.expiresIn = token.rememberMe ? 90 : 20;` (seconds, left is Remember me ON)
  2. In route.ts, line 16: change `maxAge = token.rememberMe ? 30 * 24 * 60 * 60 : 24 * 60 * 60;` to `maxAge = token.rememberMe ? 90 : 20;`
  3. Login with remember me on and look at your console to see that the console log shows maxAge to 90 or 89 (depending on delay)
  4. Close the page and open it again and you should see the maxAge go down. Additionally look at the session number, jwt callback number, and exp in the JWT token and they should all be the same. That is the expiration date!
  5. Stay on the page until the 90s pass and you will be redirected to the login page.
  6. Follow steps 3-5 with rememberMe OFF, it should now start at 20s.

I will delete the console.logs once the PR is reviewed!

Possible Downsides

Since we are relying entirely on the nextAuth JWT token, if there is a fixed default behavior that we are unaware of, it may cause issues. So far I have not seen any, but it may be hard to test in the future.

Additional Documentations

@ManuP6789 ManuP6789 requested a review from wkim10 March 17, 2025 13:16
@ManuP6789 ManuP6789 self-assigned this Mar 17, 2025
@ManuP6789 ManuP6789 linked an issue Mar 17, 2025 that may be closed by this pull request
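
The expiry arithmetic the description above outlines, as an added example that is not part of this pull request or the project's code: the lifetime is chosen once at login and every later maxAge is only the time left until that fixed expiry, so a reload cannot push the session forward. The field names `rememberMe`, `expiresIn` and `exp` come from the description; `SessionToken`, `issueToken`, `remainingMaxAge` and `expiryViews` are hypothetical, and no NextAuth API is called.

```typescript
// Added example: a model of the remember-me expiry logic, not the project's code.
const DAY = 24 * 60 * 60;         // seconds
const REMEMBER_ME_TTL = 30 * DAY; // "Remember me" ON
const DEFAULT_TTL = DAY;          // "Remember me" OFF

interface SessionToken {
  rememberMe: boolean;
  expiresIn: number; // lifetime chosen at login, in seconds
  exp: number;       // absolute expiry (Unix seconds), fixed at login
}

// Sign-in: choose the lifetime once and pin an absolute expiry.
function issueToken(rememberMe: boolean, nowSec: number): SessionToken {
  const expiresIn = rememberMe ? REMEMBER_ME_TTL : DEFAULT_TTL;
  return { rememberMe, expiresIn, exp: nowSec + expiresIn };
}

// Every later request: maxAge is what is left until exp, never a fresh
// full lifetime.
function remainingMaxAge(token: Partial<SessionToken>, nowSec: number): number {
  const { exp, expiresIn } = token;
  // Fail closed: a token without a usable exp gets no lifetime at all.
  if (typeof exp !== "number" || !isFinite(exp)) return 0;
  const cap =
    typeof expiresIn === "number" && expiresIn > 0 ? expiresIn : DEFAULT_TTL;
  const left = Math.floor(exp - nowSec);
  // Clamp: no negative ages, and never longer than the lifetime set at login.
  return Math.max(0, Math.min(left, cap));
}

// The consistency the test steps check by eye: the token's exp, the
// session's expires and now + maxAge must all name the same instant.
function expiryViews(token: SessionToken, nowSec: number) {
  const maxAge = remainingMaxAge(token, nowSec);
  return {
    maxAge,
    tokenExp: token.exp,
    cookieExp: nowSec + maxAge,
    sessionExpires: new Date(token.exp * 1000).toISOString(),
  };
}
```

The two clamps are the parts worth reviewing in any real implementation: a token with a missing `exp` gets a maxAge of 0 rather than a default lifetime, and a remaining time larger than the lifetime chosen at login is cut back to that lifetime.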
@@ -0,0 +1,13 @@
import Cookies from "js-cookie";

export const setRememberMeCookie = (token: string, rememberMe: boolean) => {
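Review bot: `setRememberMeCookie(token: string, rememberMe: boolean)` on the last added line takes the token as a plain string in a file that imports `js-cookie`, which writes cookies from browser JavaScript, so any cookie it sets cannot carry the HttpOnly attribute and the token would be readable by page scripts. The description says the cookies library was dropped in favour of the nextauth JWT, so remove this new file rather than merging an unused helper, and remove the `js-cookie` dependency too if nothing else imports it.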
Collaborator

Doesn't seem like this function is being used, were you planning on using it for something or is it okay to remove?

Collaborator Author

Yeah, I forgot to remove it. Thanks 🙏

Collaborator

@wkim10 wkim10 left a comment

LGTM! Great work, just added a few fields to fix the token types. Feel free to merge after you remove all the console logs!

@ManuP6789 ManuP6789 merged commit bed8bdb into main Apr 1, 2025
1 check passed
Successfully merging this pull request may close these issues.

[Backend] Remember Me