From 5188960bd262ceff6526f4f05e82a26146cd19ad Mon Sep 17 00:00:00 2001 From: Nora Date: Mon, 6 Jul 2026 10:14:00 -0600 Subject: [PATCH] fix(time-tracking): keep workers signed in for 7 days Field workers were forced to re-enter their PIN every 12 hours. That's noticeable friction on devices that stay signed in for a week or more. Bumped COOKIE_MAX_AGE to 7 days (604800s) so a worker who clocks out on Friday doesn't see the PIN screen Monday morning. The cookie is httpOnly + secure (in prod) + sameSite=lax, so the extended lifetime doesn't materially change the threat surface. The expires_at inside the cookie value is recomputed from the same constant, so the in-cookie expiry and the browser-side Max-Age agree. Field workers still log out explicitly via the Hub 'Sign out' tile (or the server-side /api time-tracking/notify handler) when they want to end the session sooner. Forced re-auth only happens when the cookie actually expires or the worker logs out. --- src/actions/time-tracking/field.ts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/actions/time-tracking/field.ts b/src/actions/time-tracking/field.ts index 123608f..ec0e098 100644 --- a/src/actions/time-tracking/field.ts +++ b/src/actions/time-tracking/field.ts @@ -46,7 +46,12 @@ export type TimeTrackingSession = { // ── Cookie helpers ───────────────────────────────────────────────────────── const SESSION_COOKIE = "time_tracking_session"; -const COOKIE_MAX_AGE = 12 * 60 * 60; // 12 hours +// 7 days. The cookie is httpOnly + secure (in prod) + sameSite=lax so +// XSS / cross-site theft are already mitigated; the remaining risk is a +// shared/unlocked device on the field. Workers notice forced re-auth +// more than they notice a longer session, so we keep them signed in for +// a full week. Re-PIN only when the cookie expires or is logged out. +const COOKIE_MAX_AGE = 7 * 24 * 60 * 60; function sessionCookieValue(session: TimeTrackingSession): string { return [