From aef0826004340339b677eb275cbb1e6949595f60 Mon Sep 17 00:00:00 2001
From: primal <primal@primal.host>
Date: Fri, 30 Jan 2026 16:12:33 -0500
Subject: [PATCH] v41: Session cookie for browser-close logout

---
 oauth_session.go | 2 +-
 templates.go     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/oauth_session.go b/oauth_session.go
index 9181d9f..350e43e 100644
--- a/oauth_session.go
+++ b/oauth_session.go
@@ -294,7 +294,7 @@ func (m *OAuthManager) SetSessionCookie(w http.ResponseWriter, r *http.Request,
 		HttpOnly: true,
 		Secure:   secure,
 		SameSite: http.SameSiteLaxMode,
-		MaxAge:   int(sessionTTL.Seconds()),
+		// No MaxAge = session cookie, deleted when browser closes
 	})
 
 	return nil
diff --git a/templates.go b/templates.go
index 29e4a54..0164c50 100644
--- a/templates.go
+++ b/templates.go
@@ -534,7 +534,7 @@ const dashboardHTML = `<!DOCTYPE html>
         <div id="output"></div>
     </div>
 
-    <div style="color: #333; font-size: 11px; margin-top: 10px;">v40</div>
+    <div style="color: #333; font-size: 11px; margin-top: 10px;">v41</div>
 
     <div class="updated" id="updatedAt">Last updated: {{.UpdatedAt.Format "2006-01-02 15:04:05"}}</div>
 </body>