From a3d5e63635ab7bb22a5e64df63d1c1fff15e8be8 Mon Sep 17 00:00:00 2001
From: chamikaJ
Date: Thu, 29 May 2025 16:48:25 +0530
Subject: [PATCH] fix(session): update session middleware configuration

- Changed session middleware settings to resave sessions when uninitialized and prevent saving uninitialized sessions.
- Updated cookie settings to enable httpOnly and set secure to false, enhancing security measures for session management.
---
 worklenz-backend/src/middlewares/session-middleware.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/worklenz-backend/src/middlewares/session-middleware.ts b/worklenz-backend/src/middlewares/session-middleware.ts
index cb6cd624..263fd857 100644
--- a/worklenz-backend/src/middlewares/session-middleware.ts
+++ b/worklenz-backend/src/middlewares/session-middleware.ts
@@ -9,8 +9,8 @@ export default session({
 name: process.env.SESSION_NAME,
 secret: process.env.SESSION_SECRET || "development-secret-key",
 proxy: false,
- resave: false,
- saveUninitialized: true,
+ resave: true,
+ saveUninitialized: false,
 rolling: true,
 store: new pgSession({
 pool: db.pool,
@@ -18,8 +18,8 @@ export default session({
 }),
 cookie: {
 path: "/",
- // secure: isProduction(),
- // httpOnly: isProduction(),
+ httpOnly: true,
+ secure: false,
 // sameSite: "none",
 // domain: isProduction() ? ".worklenz.com" : undefined,
 maxAge: 30 * 24 * 60 * 60 * 1000 // 30 days
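Review bot: `resave: true` forces every session to be written back to the store at the end of each request even when it was not modified, which the express-session documentation warns can let parallel requests from one client overwrite each other's session changes. Together with `rolling: true` this also means a store write on every request; if `pgSession` is connect-pg-simple, which implements `touch`, `resave: false,` should keep the expiry refreshed without that race (confirm against the installed version). Separately, the context line `secret: process.env.SESSION_SECRET || "development-secret-key"` signs session cookies with a publicly known key whenever the variable is unset, so startup should fail in production when it is missing. The `session({ ... })` call begins and ends outside this hunk.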
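Review bot: `secure: false` is hard-coded on the cookie, so the session cookie is also sent over plain HTTP in production, where anyone on the network path can read it. The commented-out line it replaces tied the flag to the environment; `secure: isProduction(),` would keep local HTTP development working while protecting deployed sessions, assuming that helper is still importable in this file. If TLS terminates at a reverse proxy, express-session only sets a secure cookie when it sees the connection as secure, so `proxy: false` in the first hunk would have to change to honour `X-Forwarded-Proto`, with the proxy configured to overwrite that header. An explicit `sameSite: "lax",` would also be better than relying on browser defaults now that the `sameSite` line stays commented out. The `cookie` object continues past the end of the hunk.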