Fix use UTC for JWT expiry and max-age for cookie

2025-07-07 13:41:15 -07:00 · 2023-12-06 23:09:32 -08:00 · 2023-12-06 23:09:32 -08:00 · fe7a59c7f9
commit fe7a59c7f9
parent e3113ebd30
1 changed files with 3 additions and 3 deletions
--- a/plexpy/webauth.py
+++ b/plexpy/webauth.py
@ -22,7 +22,7 @@
 from future.builtins import object
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, timezone
 from future.moves.urllib.parse import quote, unquote
 import cherrypy
@ -378,7 +378,7 @@ class AuthController(object):
        if valid_login:
            time_delta = timedelta(days=30) if remember_me == '1' else timedelta(minutes=60)
-            expiry = datetime.now() + time_delta
+            expiry = datetime.now(tz=timezone.utc) + time_delta
            payload = {
                'user_id': user_details['user_id'],
@ -399,7 +399,7 @@ class AuthController(object):
            jwt_cookie = str(JWT_COOKIE_NAME + plexpy.CONFIG.PMS_UUID)
            cherrypy.response.cookie[jwt_cookie] = jwt_token
-            cherrypy.response.cookie[jwt_cookie]['expires'] = int(time_delta.total_seconds())
+            cherrypy.response.cookie[jwt_cookie]['max-age'] = int(time_delta.total_seconds())
            cherrypy.response.cookie[jwt_cookie]['path'] = plexpy.HTTP_ROOT.rstrip('/') or '/'
            cherrypy.response.cookie[jwt_cookie]['httponly'] = True
            cherrypy.response.cookie[jwt_cookie]['samesite'] = 'lax'