Refresh session cookie

[francescovenica]

Hello,

I'm following the official docs to manage the session via cookie:
https://firebase.google.com/docs/auth/admin/manage-cookies

all works fine but the issue I have is that when the session expire the user has to login again while I'd like to have a rolling session so the user doesn't need to login every tot days....I don't see anything in the docs that explain how to do that, on stackoverflow I found a possible solution where:

• I Verify the session
• I create a custom token
• I sign in with a custom token https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken
• I create a new session cookie with the idtoken I get from the previous request

this can work as fare as the user visit the website, but if the user doesn't login for 2 weeks (the max duration) he will always need to login...another solution would be to save in my db the refresh token but it's not something I'd like to do as it will create a lot of security concern