FEAT: Enhance authentication session management with configurable cookie domain and improved token refresh logic

server/api/auth/keycloak/callback.ts

@@ -81,13 +81,17 @@ export default defineEventHandler(async (event) => {
       createdAt: Date.now()
     }
 
-    // Create session cookie with better security settings
+    // Create session cookie with proper session duration (8 hours = 28800 seconds)
+    // Not tied to access token lifetime since we'll refresh tokens automatically
+    const sessionDuration = 8 * 60 * 60; // 8 hours in seconds
+    const cookieDomain = process.env.COOKIE_DOMAIN || '.portnimara.dev';
+    
     setCookie(event, 'nuxt-oidc-auth', JSON.stringify(sessionData), {
       httpOnly: true,
       secure: true,
       sameSite: 'lax',
-      maxAge: tokenResponse.expires_in,
-      domain: '.portnimara.dev',
+      maxAge: sessionDuration,
+      domain: cookieDomain,
       path: '/'
     })
 

server/api/auth/refresh.ts

@@ -72,13 +72,16 @@ export default defineEventHandler(async (event) => {
       refreshedAt: Date.now()
     }
 
-    // Set updated session cookie
+    // Set updated session cookie with proper session duration
+    const sessionDuration = 8 * 60 * 60; // 8 hours in seconds
+    const cookieDomain = process.env.COOKIE_DOMAIN || '.portnimara.dev';
+    
     setCookie(event, 'nuxt-oidc-auth', JSON.stringify(updatedSessionData), {
       httpOnly: true,
       secure: true,
       sameSite: 'lax',
-      maxAge: tokenResponse.expires_in,
-      domain: '.portnimara.dev',
+      maxAge: sessionDuration,
+      domain: cookieDomain,
       path: '/'
     })
 
@@ -93,8 +96,9 @@ export default defineEventHandler(async (event) => {
     console.error('[REFRESH] Token refresh failed:', error)
     
     // Clear invalid session
+    const cookieDomain = process.env.COOKIE_DOMAIN || '.portnimara.dev';
     deleteCookie(event, 'nuxt-oidc-auth', {
-      domain: '.portnimara.dev',
+      domain: cookieDomain,
       path: '/'
     })
 

server/api/auth/session.ts

@@ -26,8 +26,9 @@ export default defineEventHandler(async (event) => {
     } catch (parseError) {
       console.error('[SESSION] Failed to parse session cookie:', parseError)
       // Clear invalid session
+      const cookieDomain = process.env.COOKIE_DOMAIN || '.portnimara.dev';
       deleteCookie(event, 'nuxt-oidc-auth', {
-        domain: '.portnimara.dev',
+        domain: cookieDomain,
         path: '/'
       })
       return { user: null, authenticated: false }
@@ -39,8 +40,9 @@ export default defineEventHandler(async (event) => {
         hasUser: !!sessionData.user,
         hasAccessToken: !!sessionData.accessToken
       })
+      const cookieDomain = process.env.COOKIE_DOMAIN || '.portnimara.dev';
       deleteCookie(event, 'nuxt-oidc-auth', {
-        domain: '.portnimara.dev',
+        domain: cookieDomain,
         path: '/'
       })
       return { user: null, authenticated: false }
@@ -54,8 +56,9 @@ export default defineEventHandler(async (event) => {
         expiredSince: Date.now() - sessionData.expiresAt
       })
       // Session expired, clear cookie
+      const cookieDomain = process.env.COOKIE_DOMAIN || '.portnimara.dev';
       deleteCookie(event, 'nuxt-oidc-auth', {
-        domain: '.portnimara.dev',
+        domain: cookieDomain,
         path: '/'
       })
       return { user: null, authenticated: false }
@@ -80,8 +83,9 @@ export default defineEventHandler(async (event) => {
   } catch (error) {
     console.error('[SESSION] OIDC session check error:', error)
     // Clear invalid session
+    const cookieDomain = process.env.COOKIE_DOMAIN || '.portnimara.dev';
     deleteCookie(event, 'nuxt-oidc-auth', {
-      domain: '.portnimara.dev',
+      domain: cookieDomain,
       path: '/'
     })
     return { user: null, authenticated: false }