worklenz/worklenz-backend/src/middlewares/session-middleware.ts
chamikaJ cfa0af24ae refactor(session-middleware): improve cookie handling and security settings
- Updated session middleware to use secure cookies in production environments.
- Adjusted sameSite attribute to "lax" for standard handling of same-origin requests.
- Removed unnecessary comments and streamlined cookie settings for clarity.
2025-06-02 13:29:05 +05:30


import session from "express-session";
import db from "../config/db";
import { isProduction } from "../shared/utils";
// eslint-disable-next-line @typescript-eslint/no-var-requires
const pgSession = require("connect-pg-simple")(session);
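/**
 * Resolve the secret express-session uses to sign the session ID cookie.
 *
 * The hard-coded fallback is committed to the repository, so a cookie
 * signature made with it proves nothing. It is therefore allowed only
 * outside production; in production a missing or empty SESSION_SECRET
 * aborts startup instead of silently signing with a publicly known key.
 *
 * @returns the signing secret
 * @throws {Error} when isProduction() is true and SESSION_SECRET is unset or empty
 */
function resolveSessionSecret(): string {
  const configured = process.env.SESSION_SECRET;
  if (configured) {
    return configured;
  }
  if (isProduction()) {
    throw new Error("SESSION_SECRET must be set when running in production");
  }
  return "development-secret-key";
}

/**
 * Session middleware: PostgreSQL-backed express-session instance.
 *
 * Session data is stored server-side in the "pg_sessions" table through the
 * shared db.pool; the browser only holds the signed session ID cookie.
 */
export default session({
  name: process.env.SESSION_NAME || "worklenz.sid",
  secret: resolveSessionSecret(),
  // With proxy enabled express-session trusts X-Forwarded-Proto when deciding
  // whether the request is secure. The reverse proxy in front of the app must
  // overwrite that header rather than pass through a client-supplied value.
  proxy: true,
  resave: false,
  // No session row and no cookie until something is actually stored.
  saveUninitialized: false,
  // The cookie expiry is reset on every response, so maxAge below is an idle
  // timeout. No absolute session lifetime is enforced in this file.
  rolling: true,
  store: new pgSession({
    pool: db.pool,
    tableName: "pg_sessions"
  }),
  cookie: {
    path: "/",
    // HTTPS-only in production; outside production the cookie is also sent
    // over plain HTTP.
    secure: isProduction(),
    // Not readable from page JavaScript.
    httpOnly: true,
    // "lax": sent on same-site requests and on top-level cross-site
    // navigations that use a safe method, withheld on other cross-site
    // requests.
    sameSite: "lax",
    maxAge: 30 * 24 * 60 * 60 * 1000 // 30 days, in milliseconds
  }
});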