fix: cookie setting by only setting on admin routes

app/src/auth/api/AuthController.ts

@@ -121,6 +121,7 @@ export class AuthController extends Controller {
             const claims = c.get("auth")?.user;
             if (claims) {
                const { data: user } = await this.userRepo.findId(claims.id);
+               await this.auth.authenticator?.requestCookieRefresh(c);
                return c.json({ user });
             }
 

app/src/auth/middlewares.ts

@@ -60,11 +60,7 @@ export const auth = (options?: {
       }
 
       await next();
-
-      if (!skipped) {
-         // renew cookie if applicable
-         authenticator?.requestCookieRefresh(c);
-      }
+      // @todo: potentially add cookie refresh if content-type html and about to expire
 
       // release
       authCtx.skip = false;