diff --git a/CHANGELOG.md b/CHANGELOG.md
index a62d4a17..8c654df3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,9 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## Unreleased
+- [#292](https://github.com/Shopify/shopify-api-php/pull/292) [Patch] Fix bug where null can be passed to param 3 of setcookie() 
+
 ## v5.9.0 - 2025-01-08
 - [#393](https://github.com/Shopify/shopify-api-php/pull/393) [Minor] Add support for 2025-01 API version REST resources
 - [#367](https://github.com/Shopify/shopify-api-php/pull/367) [Patch] Allow uppercase characters in redirect URI
diff --git a/src/Auth/OAuth.php b/src/Auth/OAuth.php
index c583ef09..e7011032 100644
--- a/src/Auth/OAuth.php
+++ b/src/Auth/OAuth.php
@@ -152,7 +152,7 @@ public static function callback(array $cookies, array $query, ?callable $setCook
             );
         }
 
-        $sessionExpiration = ($session->getExpires() ? (int)$session->getExpires()->format('U') : null);
+        $sessionExpiration = ($session->getExpires() ? (int)$session->getExpires()->format('U') : 0);
         $cookieSet = self::setSessionIdCookie(
             $setCookieFunction,
             $session->getId(),
diff --git a/tests/Auth/OAuthTest.php b/tests/Auth/OAuthTest.php
index 5cd1d810..a61829c6 100644
--- a/tests/Auth/OAuthTest.php
+++ b/tests/Auth/OAuthTest.php
@@ -183,7 +183,7 @@ public function testValidCallback($isOnline, $isEmbedded)
         } elseif ($isOnline) {
             $this->assertEquals($expectedSession->getExpires()->format('U'), $cookieExpiration);
         } else {
-            $this->assertNull($cookieExpiration);
+            $this->assertEquals(0, $cookieExpiration);
         }
     }