Fix: SSR cookie token check and cookie handling

server/middleware/checkAuthToken.ts

@@ -23,15 +23,17 @@ export default function checkAuthToken(req, res, dispatch) {
     console.log('Init checkAuthToken method');
     return checkAuthTokenRequest(req, dispatch)
         .then((data) => {
-            console.log('Setting cookie', data.access_token);
-            res.cookie('access_token', data.access_token, { path: '/' });
+            console.log(`Setting cookie to expire in ${data.exp}ms from`, data);
+            res.cookie('access_token', data.access_token, { path: '/', maxAge: data.exp });
             if (data.authorities) {
-                res.cookie('authorities', JSON.stringify(data.authorities), { path: '/' });
+                res.cookie('authorities', JSON.stringify(data.authorities), { path: '/', maxAge: data.exp });
             } else {
                 res.clearCookie('authorities');
             }
             return data;
         }).catch((x) => {
-            console.log('Failed checkAuthToken', x);
+            console.log('Failed checkAuthToken, clearing cookies', x);
+            res.clearCookie('access_token');
+            res.clearCookie('authorities');
         });
 }

src/actions/login.ts

@@ -12,7 +12,7 @@ export function checkAccessTokens(dispatch) {
     const applicationLogin = () =>
         LoginService.loginApp()
             .then((data) => {
-                saveCookies({access_token: data.access_token, authorities: [ROLE_CLIENT]});
+                saveCookies({access_token: data.access_token, authorities: [ROLE_CLIENT]}, data.exp);
                 dispatch(loginApp(data));
             })
             .catch((error) => {
@@ -75,7 +75,7 @@ export const loginRequest = (username, password) => (dispatch) => {
 
   return LoginService.login(username, password)
     .then((data) => {
-      saveCookies(data);
+      saveCookies(data, data.exp);
       return dispatch(loginUser(data));
     });
 };
@@ -103,7 +103,7 @@ export const verifyGoogleTokenRequest = (accessToken) => (dispatch, getState) =>
 
   return LoginService.verifyGoogleToken(token, accessToken)
     .then((data) => {
-      saveCookies(data);
+      saveCookies(data, data.exp);
       return dispatch(loginApp(data));
     });
 };

src/ui/layout/Header/index.tsx

@@ -124,7 +124,7 @@ class Header extends React.Component<IHeaderProps | any, any> {
         this.props.logoutRequest()
             .then(() => this.props.loginAppRequest())
             .then((data) => {
-                saveCookies({access_token: data.access_token, authorities: [ROLE_CLIENT]});
+                saveCookies({access_token: data.access_token, authorities: [ROLE_CLIENT]}, data.exp);
                 this.props.history.push('/login');
             });
     }

src/ui/pages/login/LoginPage.tsx

@@ -33,7 +33,7 @@ class LoginContainer extends React.Component<ILoginContainerProps, void> {
             return checkTokenRequest(access_token);
           })
           .then((data) => {
-              saveCookies(data);
+              saveCookies(data, data.exp);
               history.push('/dashboard');
               return false;
           }).catch((e) => {

src/utilities/index.ts

@@ -96,10 +96,10 @@ export function cleanFilters(filter, keysToSkip?): string {
 	return result;
 }
 
-export function saveCookies(resp) {
-	log('Saving cookies');
-	cookies.set('access_token', resp.access_token, { path: '/' });
-	cookies.set('authorities', JSON.stringify(resp.authorities), { path: '/' });
+export function saveCookies(resp, exp: number) {
+	log(`Saving cookies to expire after ${exp}ms`);
+	cookies.set('access_token', resp.access_token, { path: '/', expires: new Date(new Date().getTime() + exp) });
+	cookies.set('authorities', JSON.stringify(resp.authorities), { path: '/', expires: new Date(new Date().getTime() + exp) });
 }
 
 export function clearCookies() {