00:00 So when we log in, if I go Cody and Cody loves you, before we do that, let's open up our network tab here. And when I hit log in, then we're going to get this POST request. And our cookie is going to be set as part of that POST request. And in here, we have our path slash, HTTP only,

00:19 same site lax. All of that is exactly what we would expect. If we come over to the application and we see that EN session, this says it expires or slash max age. And that is set to session. Now that's kind of interesting. So what does that even mean? What does it mean to have expiration of session?

00:39 Well, what that means is when I close this browser tab, that cookie will get deleted. Not just the browser tab, but the browser entirely. So I'm going to quit. And then when I open up my browser again, and let's open that back up, look. I'm no longer logged in. That cookie was deleted.

00:59 So here we have these new cookies. They're set automatically for every user. So these are new cookies. But yeah, my other cookie, which is not set automatically, my authentication cookie, my session cookie, is not there. I can log in again. But yeah, still, it's session.

01:18 Now, Kelly, the coworker, actually did a little bit of work for us. And that was to add this Remember Me checkbox. And so your job is to make it so that Remember Me checkbox actually means something. I promise. It's like a meme. Like, oh, the Remember Me checkbox never does anything. No, it definitely does something.

01:37 What it is supposed to do is it's supposed to set the expiration time for the session or for the cookie. And maybe that expiration time is like two or three hours, because you're a bank or something. And maybe it's multiple days.

01:55 Or maybe it's even basically indefinitely, which is the case for lots of social media sites. And so yeah, your job is to just set the expiration date of the cookie. Now, interestingly, you can actually configure this when we set up our session storage object.

02:15 That's as part of the cookie configuration. But we don't want to do that, because by default, having it expire when the browser is closed is actually a pretty good default. As you notice, this is default to not be checked. And so we want it to only remember the user

02:35 if they've actually checked that. And so rather than updating our configuration for the cookie and just saying, have it expire after 30 days, we're going to update where we set the cookie when we're committing that cookie and have that control its expiration. That way, we have the information

02:52 we need to know whether or not it should expire in 30 days. So that's your job. Have a good time.