lib/rodauth/features/oidc_session_management.rb in rodauth-oauth-1.4.0 vs lib/rodauth/features/oidc_session_management.rb in rodauth-oauth-1.5.0

@@ -33,11 +33,13 @@
       # update user agent state in the process
       # TODO: dangerous if this gets overidden by the user
 
       user_agent_state_cookie_opts = Hash[oauth_oidc_user_agent_state_cookie_options]
       user_agent_state_cookie_opts[:value] = oauth_unique_id_generator
-      user_agent_state_cookie_opts[:expires] = convert_timestamp(Time.now + oauth_oidc_user_agent_state_cookie_expires_in)
       user_agent_state_cookie_opts[:secure] = true
+      if oauth_oidc_user_agent_state_cookie_expires_in
+        user_agent_state_cookie_opts[:expires] = convert_timestamp(Time.now + oauth_oidc_user_agent_state_cookie_expires_in)
+      end
       ::Rack::Utils.set_cookie_header!(response.headers, oauth_oidc_user_agent_state_cookie_key, user_agent_state_cookie_opts)
     end
 
     private