fix: make AURREMEMBER cookie a permanent one

If it's a session cookie it poses issues for users
whose browsers wipe session cookies after close.
They'd be logged out early even if they chose
the "remember me" option when they log in.

Signed-off-by: moson-mo <mo-son@mailbox.org>

aurweb/routers/auth.py

@@ -70,6 +70,7 @@ async def login_post(
         return await login_template(request, next, errors=["Account Suspended"])
 
     cookie_timeout = cookies.timeout(remember_me)
+    perma_timeout = aurweb.config.getint("options", "permanent_cookie_timeout")
     sid = _retry_login(request, user, passwd, cookie_timeout)
     if not sid:
         return await login_template(request, next, errors=["Bad username or password."])
@@ -88,6 +89,7 @@ async def login_post(
     response.set_cookie(
         "AURREMEMBER",
         remember_me,
+        max_age=perma_timeout,
         secure=secure,
         httponly=secure,
         samesite=cookies.samesite(),