Is there a way to set a JWT that expires when the browser session is closed?

[ACAWebDev]

We have created a site for our client, and they requested that the sign in process works the same as their previous site, where if a user closes out of the browser, they're signed out.

Looking at their login cookies, we can see that the Expires / Max-Age is set to Session, but I have not figured out a way to replicate this using NextAuth + Next.JS

Any ideas?

[Exp1ry]

Hi,

The way I would approach this is:

1. Detect when a user is about to leave the site
2. Delete the AuthJS cookies

First of all, you need to create either a server action or API route to delete the AuthJS cookies manually, as you cannot call signOut() as it may create problems in this situation.

app/api/force-signout/route.ts

import { cookies } from "next/headers";

export async function POST() {
  const cookieStore = cookies();

  // Remove Auth.js session cookie
  cookieStore.set("authjs.session-token", "", {
    path: "/",
    maxAge: 0,
  });

  // If you're using a custom session token cookie, also remove that:
  cookieStore.set("authjs.callback-url", "", {
    path: "/",
    maxAge: 0,
  });

  return Response.json({ ok: true });
}

Now that you have this endpoint, you create the CloseListener component

"use client";
import { useEffect } from "react";

export default function CloseListener() {
  useEffect(() => {
    const handler = () => {
      const url = "/api/force-signout";

      // Must be BEACON so it works during tab close
      navigator.sendBeacon(url, JSON.stringify({ force: true }));
    };

    // unload is the only reliable event for Beacon
    window.addEventListener("unload", handler);

    return () => window.removeEventListener("unload", handler);
  }, []);

  return null;
}

Then, add it to your layout.tsx file

import CloseListener from "./_components/CloseListener";

export default function RootLayout({ children }) {
  return (
    <html lang="en">
      <body>
        <CloseListener />
        {children}
      </body>
    </html>
  );
}

This is how i'd accomplish this. Hope it helps!