cookie ruler

middleware/auth/auth.go

 
 		if mapClaims, ok := token.Claims.(jwt.MapClaims); ok {
 			if expired, ok := mapClaims[ctxRequestTokenExpired].(float64); ok {
-				if int64(expired) < time.Now().Unix() {
+				if expired == 0 {
+					// Only cookie is exists, check token expired. app expired by itself call logout when app exit
+					if _, err := ctx.Cookie(ctxRequestCookieAuthorization); err != nil {
+						ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token timeout"})
+						return
+					}
+				}
+
+				if expired < 0 || (int64(expired) < time.Now().Unix()) {
 					ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token timeout"})
 					return
 				}