fix: TOTP login flow loses remember_me — sessions expire after 1 hour

The TOTP verification endpoint always created refresh tokens with remember_me=false and 1-hour expiry, regardless of what the user selected at login. Fix: - Frontend now sends remember_me in the TOTP verify request body - Backend reads remember_me and uses it for token expiry (30 days) and cookie maxAge Users with 2FA who checked "remember me" will now stay logged in for 30 days instead of being kicked out after 1 hour. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-23 20:28:54 +01:00
parent c4c4433561
commit 33268b38ae
2 changed files with 10 additions and 4 deletions
--- a/src/admin/context/AuthContext.tsx
+++ b/src/admin/context/AuthContext.tsx
@@ -198,7 +198,7 @@ export function AuthProvider({ children }: { children: ReactNode }) {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        credentials: 'include',
-        body: JSON.stringify({ login_token: loginToken, totp_code: code }),
+        body: JSON.stringify({ login_token: loginToken, totp_code: code, remember_me: remember }),
      })
      const data = await response.json()
      if (data.success) {