From 7c4a0ec4665be0785d0e4ef86e7387ea10d70e3d Mon Sep 17 00:00:00 2001
From: Linus Flood <linus.flood@scandichotels.com>
Date: Tue, 23 Sep 2025 07:21:24 +0000
Subject: [PATCH] Merged in fix/webview-auth-fix-3 (pull request #2848)

Fix/webview auth fix 3

* feat(webview auth): set maxAge on cookie

* Changed samesite to lax


Approved-by: Anton Gunnarsson
---
 apps/scandic-web/middlewares/webView.ts | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/apps/scandic-web/middlewares/webView.ts b/apps/scandic-web/middlewares/webView.ts
index 2b4ebfb2f..f67d7e3b5 100644
--- a/apps/scandic-web/middlewares/webView.ts
+++ b/apps/scandic-web/middlewares/webView.ts
@@ -156,8 +156,9 @@ async function handleWebviewRewrite({
       res.cookies.set("webviewToken", decryptedData, {
         httpOnly: true,
         secure: true,
-        sameSite: "strict",
+        sameSite: "lax",
         path: "/",
+        maxAge: 60 * 30, // 30 minutes
       })
     }
     return res
@@ -185,8 +186,9 @@ async function handleWebviewRewrite({
       res.cookies.set("webviewToken", decryptedData, {
         httpOnly: true,
         secure: true,
-        sameSite: "strict",
+        sameSite: "lax",
         path: "/",
+        maxAge: 60 * 30, // 30 minutes
       })
     }
     return res
@@ -203,8 +205,9 @@ async function handleWebviewRewrite({
       res.cookies.set("webviewToken", decryptedData, {
         httpOnly: true,
         secure: true,
-        sameSite: "strict",
+        sameSite: "lax",
         path: "/",
+        maxAge: 60 * 30, // 30 minutes
       })
     }
     return res