From d1694ff1ff6a8b4aa587095672b6f78593224a2f Mon Sep 17 00:00:00 2001
From: smakman
Date: Tue, 10 Mar 2026 17:30:56 +0100
Subject: [PATCH] Fix: always pass tokenExpiration for frontend session cookies

For non-admin (frontend) logins, `useAdmin` is false, so the ternary `useAdmin ? collectionConfig.auth.tokenExpiration : undefined` was passing `undefined` to `createSessionCookies()`, which falls back to the hardcoded 7200s default. This means the collection's configured `auth.tokenExpiration` was being ignored for all frontend logins.

Remove the `useAdmin` conditional and always pass `collectionConfig.auth.tokenExpiration` in OAuth authentication, password signin, and password signup flows.

Co-Authored-By: Claude Opus 4.6
---
 src/core/protocols/oauth/oauth_authentication.ts | 2 +-
 src/core/protocols/password.ts | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/core/protocols/oauth/oauth_authentication.ts b/src/core/protocols/oauth/oauth_authentication.ts
index 719a3d5..38f4166 100644
--- a/src/core/protocols/oauth/oauth_authentication.ts
+++ b/src/core/protocols/oauth/oauth_authentication.ts
@@ -167,7 +167,7 @@ export async function OAuthAuthentication(
 sid: sessionID,
 collection: collections.usersCollection,
 },
- useAdmin ? collectionConfig?.auth.tokenExpiration : undefined,
+ collectionConfig?.auth.tokenExpiration,
 collectionConfig.auth as SanitizedCollectionConfig["auth"] || false,
 )),
 ]
diff --git a/src/core/protocols/password.ts b/src/core/protocols/password.ts
index 5d244d6..7f0b387 100644
--- a/src/core/protocols/password.ts
+++ b/src/core/protocols/password.ts
@@ -146,7 +146,7 @@ export const PasswordSignin = async (
 secret,
 signinFields,
 request,
- useAdmin ? collectionConfig.auth.tokenExpiration : undefined,
+ collectionConfig.auth.tokenExpiration,
 )
 }
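Review bot: In the OAuthAuthentication hunk of oauth_authentication.ts, the new argument `collectionConfig?.auth.tokenExpiration,` keeps an optional chain that the next line, `collectionConfig.auth as SanitizedCollectionConfig["auth"] || false,`, does not have, so the guard protects nothing. If `collectionConfig` could be undefined the call would throw one line later; if it cannot, the `?.` only hides the fact that an undefined expiry sends the session back to the 7200s default described in the commit message. I would write `collectionConfig.auth.tokenExpiration,` as the password.ts hunks do, or validate `collectionConfig` once before the cookie is built. The function body starts and ends outside this hunk, so an earlier check may already exist.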
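Review bot: The PasswordSignin hunk of password.ts (and the same line in the PasswordSignup and OAuthAuthentication hunks) changes how long a frontend session cookie stays valid, yet the patch touches only the two source files and adds no test or comment for it. Frontend logins that previously got the 7200s default, per the commit message, now receive whatever `auth.tokenExpiration` the collection sets, which can be much longer; that deserves an upgrade note and a test asserting the cookie expiry for a non-admin login. A comment above the argument such as `// Session lifetime follows the collection's auth.tokenExpiration for admin and frontend logins alike` would record the intent. `useAdmin` may now be unused in these functions, which is not visible from the hunks and is worth checking.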
@@ -250,7 +250,7 @@ export const PasswordSignup = async (
 secret,
 signinFields,
 request,
- useAdmin ? collectionConfig.auth.tokenExpiration : undefined,
+ collectionConfig.auth.tokenExpiration,
 )
 }