From a8ae1739141c61890975951d13b84711a24196ce Mon Sep 17 00:00:00 2001
From: Jennie Robinson Faber <jennie@jenniefaber.com>
Date: Sun, 1 Mar 2026 14:05:26 +0000
Subject: [PATCH] Fix session token expiry

---
 server/api/helcim/customer.post.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/api/helcim/customer.post.js b/server/api/helcim/customer.post.js
index 3e8c7ee..42d266d 100644
--- a/server/api/helcim/customer.post.js
+++ b/server/api/helcim/customer.post.js
@@ -106,7 +106,7 @@ export default defineEventHandler(async (event) => {
         helcimCustomerId: customerData.id 
       },
       config.jwtSecret,
-      { expiresIn: '24h' }
+      { expiresIn: '7d' }
     )
 
     // Set the session cookie server-side
@@ -114,7 +114,7 @@ export default defineEventHandler(async (event) => {
       httpOnly: true,
       secure: process.env.NODE_ENV === 'production',
       sameSite: 'lax',
-      maxAge: 60 * 60 * 24, // 24 hours
+      maxAge: 60 * 60 * 24 * 7, // 7 days (matches verify.get.js and refresh.post.js)
       path: '/',
       domain: undefined // Let browser set domain automatically
     })