No Cookie max-age Set on Auth Cookies
File: browser_sessions.py:207-232
set_cookie() doesn't include a max_age parameter. Without it, cookies become session cookies (deleted when browser closes). This conflicts with the 7-day refresh token TTL — users will lose their session on browser close even though the refresh token is still valid.
No Cookie max-age Set on Auth Cookies
File: browser_sessions.py:207-232
set_cookie() doesn't include a max_age parameter. Without it, cookies become session cookies (deleted when browser closes). This conflicts with the 7-day refresh token TTL — users will lose their session on browser close even though the refresh token is still valid.