I am writing a Next.js app for a client. The app is using NextAuth to authenticate users via AWS Cognito (OAuth, OIDC, JWT, etc.). Currently, I am using the Cognito hosted UI for authentication. All is working well. However, the client would like sessions to expire if the users close the browser without explicitly logging out. I modified my NextAuth config to use a JWT cookie that expires after only 3 minutes and a keep-alive that keeps the session open as long as the user remains on the site. So far, so good… except not really.