Cookie needs to expire at the same time indicated by JWT payload expiration

[iamemhn]

The cookie expiration is hardcoded as '4 weeks' on JWT.pm, line 227

my %cookie = (value => $encoded, name => '_jwt', expires => "4 weeks", path => '/', http_only => 0);

It should be changed to use the actual exp claim from the JWT payload.

[iamemhn]

I propose the following patch

--- a/lib/Dancer2/Plugin/JWT.pm
--
+++ b/lib/Dancer2/Plugin/JWT.pm
@@ -224,7 +224,7 @@ on_plugin_import {
relative_nbf => $need_nbf );
$response->headers->authorization($encoded);
 
-                    my %cookie =  (value => $encoded, name => '_jwt', expires => "4 weeks", path => '/', http_only => 0);
+                    my %cookie =  (value => $encoded, name => '_jwt', expires => time + $need_exp, path => '/', http_only => 0);
$cookie{domain} = $cookie_domain if defined $cookie_domain;
$response->push_header('Set-Cookie' => Dancer2::Core::Cookie->new(%cookie)->to_header());

since time provides the Unix-epoch and $need_exp is the number of seconds set via configuration.

[ambs]

Just a heads up. I have this already on my todo list, but busy in the last days. Will fix asap. Thanks for your help.

[ambs]

Merged. Will push commit and release in the next minutes.
Thank you very much, sorry for the delay.