3 files changed, 13 insertions, 2 deletions

diff --git a/auth.go b/auth.go
index 0151380..94567f2 100644
--- a/auth.go
+++ b/auth.go
@@ -205,12 +205,17 @@ func handleAuth(w http.ResponseWriter, req *http.Request) {
 		return
 	}
 
+	now := time.Now()
+	expr := now.Add(time.Duration(config.Auth.Expr) * time.Second)
+	exprU := expr.Unix()
+
 	cookie := http.Cookie{
 		Name:     "session",
 		Value:    cookieValue,
 		SameSite: http.SameSiteLaxMode,
 		HttpOnly: true,
 		Secure:   config.Prod,
+		Expires:  expr,
 		/*
 		 * TODO: Cookies should also have an expiration; cookies
 		 * without expiration don't even persist across browser
@@ -228,7 +233,7 @@ func handleAuth(w http.ResponseWriter, req *http.Request) {
 		claims.Email,
 		department,
 		cookieValue,
-		1881839332, /* TODO */
+		exprU,
 	)
 	if err != nil {
 		var pgErr *pgconn.PgError
@@ -240,7 +245,7 @@ func handleAuth(w http.ResponseWriter, req *http.Request) {
 				claims.Email,
 				department,
 				cookieValue,
-				1881839332, /* TODO */
+				exprU,
 				claims.Oid,
 			)
 			if err != nil {
diff --git a/config.go b/config.go
index fb962c9..061f17d 100644
--- a/config.go
+++ b/config.go
@@ -66,6 +66,7 @@ var configWithPointers struct {
 		Jwks      *string `scfg:"jwks"`
 		Token     *string `scfg:"token"`
 		Secret    *string `scfg:"secret"`
+		Expr      *int    `scfg:"expr"`
 	} `scfg:"auth"`
 	Perf struct {
 		SendQ               *int `scfg:"sendq"`
@@ -95,6 +96,7 @@ var config struct {
 		Jwks      string
 		Token     string
 		Secret    string
+		Expr      int
 	}
 	Perf struct {
 		SendQ               int
@@ -129,6 +131,7 @@ func fetchConfig(path string) error {
 	config.Auth.Jwks = *(configWithPointers.Auth.Jwks)
 	config.Auth.Token = *(configWithPointers.Auth.Token)
 	config.Auth.Secret = *(configWithPointers.Auth.Secret)
+	config.Auth.Expr = *(configWithPointers.Auth.Expr)
 	config.Perf.SendQ = *(configWithPointers.Perf.SendQ)
 	config.Perf.MessageArgumentsCap = *(configWithPointers.Perf.MessageArgumentsCap)
 	config.Perf.MessageBytesCap = *(configWithPointers.Perf.MessageBytesCap)
diff --git a/docs/cca.scfg.example b/docs/cca.scfg.example
index 95f39b9..8117e57 100644
--- a/docs/cca.scfg.example
+++ b/docs/cca.scfg.example
@@ -62,6 +62,9 @@ auth {
 
 	# What is the client secret? Certificates are not supported yet.
 	secret something
+	
+	# How long, in seconds, should cookies last?
+	expr 604800
 }
 
 # The following block contains some tweaks for performance.