Skip to content

Change cookie storage duration#16271

Merged
FelixMalfait merged 1 commit intomainfrom
change-login-duration
Dec 3, 2025
Merged

Change cookie storage duration#16271
FelixMalfait merged 1 commit intomainfrom
change-login-duration

Conversation

@FelixMalfait
Copy link
Copy Markdown
Member

@FelixMalfait FelixMalfait commented Dec 3, 2025

Set it to 180 days like Notion does.

Currently Access Token Expires In is set to 90 days but this setting is ignored because the cookie is cleared after 7 days

@FelixMalfait FelixMalfait merged commit e18262c into main Dec 3, 2025
21 checks passed
@FelixMalfait FelixMalfait deleted the change-login-duration branch December 3, 2025 09:04
@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps bot commented Dec 3, 2025

Greptile Overview

Greptile Summary

Extended cookie storage duration from 7 days to 180 days to match Notion's approach and resolve the mismatch where ACCESS_TOKEN_EXPIRES_IN was set to 90 days but cookies expired after only 7 days, causing premature logout.

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • Simple constant change that fixes a legitimate issue where cookie expiration (7 days) was shorter than the access token validity period. The change aligns frontend cookie storage with backend token configuration, preventing premature session expiration.
  • No files require special attention

Important Files Changed

File Analysis

Filename Score Overview
packages/twenty-front/src/utils/recoil-effects.ts 5/5 Cookie expiration increased from 7 to 180 days to align with access token validity

Sequence Diagram

sequenceDiagram
    participant User
    participant Browser
    participant Frontend
    participant CookieStorage
    participant Backend
    
    User->>Frontend: Login/Authentication
    Frontend->>Backend: Request access token
    Backend-->>Frontend: Return access token (expires in 30m-90d)
    Frontend->>CookieStorage: Store token via cookieStorageEffect
    Note over CookieStorage: Cookie expires: 7 days → 180 days
    CookieStorage-->>Browser: Set cookie with expiration
    
    Note over User,Browser: Days pass (e.g., 30 days)
    
    User->>Frontend: Return to app
    Browser->>CookieStorage: Check cookie validity
    alt Cookie still valid (after PR)
        CookieStorage-->>Frontend: Return stored token
        Frontend->>Backend: Use token
        Backend-->>Frontend: Authorize request
        Frontend-->>User: User remains logged in
    else Cookie expired (before PR)
        CookieStorage-->>Frontend: Cookie expired
        Frontend-->>User: Redirect to login
        Note over User: Premature logout despite<br/>valid access token
    end
Loading

greptile-apps[bot]
greptile-apps bot reviewed Dec 3, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 file reviewed, no comments

Edit Code Review Agent Settings | Greptile

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Dec 3, 2025

🚀 Preview Environment Ready!

Your preview environment is available at: http://bore.pub:14581

This environment will automatically shut down when the PR is closed or after 5 hours.

NotYen pushed a commit to NotYen/twenty-ym that referenced this pull request Dec 9, 2025
@notyenyu-creator
Change cookie storage duration (twentyhq#16271)
41e43bd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@FelixMalfait