Cookie issues in nodejs - node.js

I have the following code using Node.js on Heroku:
    app.use(cookieParser());
    const expiresIn = 60 * 60 * 24 * 5 * 1000; // 5 days in milliseconds
    const options = {maxAge: expiresIn, httpOnly: false, secure: false};
    res.cookie('session', 1, options);
I'm setting a cookie when someone logs in, but that cookie disappears after a short while on Heroku using Node.js.
Unfortunately, after 5 minutes, the cookie "session" expires and req.cookies.session returns empty.
Can someone please help?

Related

NodeJS / express session timing out early

In my NodeJs / Express app, I'm using the standard session package and Passport to handle sessions and login. My problem is that the app kicks the user out after what feels like 10 minutes of inactivity, and forces them to log in again. My assumption is that it must be something to do with the session configuration, which with my limited understanding, I think is configured to allow 2 hours:
    const session = require("express-session");
    const PostgreSqlStore = require("connect-pg-simple")(session);
    const sessionAge = 2 * 60 * 60 * 1000; // hour, min, sec, millisecond
    var sessionConfig = {
        name: "mysite",
        secret: "verysecret",
        resave: true,
        saveUninitialized: false,
        proxy: trustedTypes,
        cookie: {
            key: "cookieKey",
            secure: true,
            sameSite: false,
            httpOnly: true,
            maxAge: sessionAge,
        },
        store: new PostgreSqlStore({
            pgPromise: db,
            ttl: 2 * 60 * 60, // Hours, minute, seconds
        }),
    };
    app.use(session(sessionConfig));
Is there anything I'm doing wrong, or is there something else I should be looking at to find the cause of this behavior?
    store: new PostgreSqlStore({
        pgPromise: db,
        ttl: 2 * 60 * 60, // Hours, minute, seconds
    })
I think your PostgreSQL store ttl property should be equivalent to the maxAge property of the session config.
I've discovered that apparently although by default the session does get extended on the server, it won't send an updated cookie to the browser if nothing has changed in it. The missing property is the 'rolling' attribute.
    var sessionConfig = {
        rolling: true,
        // ...remaining options unchanged
    };

Node serving session cookies instead of using maxAge

I am using code from Stripe's rocket rides to serve cookies and remember users:
    const cookieParser = require('cookie-parser');
    const session = require('cookie-session');
    // ...
    const app = express();
    // Enable sessions using encrypted cookies
    app.use(cookieParser(config.secret));
    app.use(
        session({
            // cookie expiration: 90 days
            cookie: {maxAge: 90 * 24 * 60 * 60 * 1000},
            secret: config.secret,
            signed: true,
            resave: true,
        })
    );
The problem is that the cookies served are session cookies (I inspected them with Chromium Developer Tools) and deleted when the browser window closes. I checked that the live server of Rocket Rides also serves session cookies.
How can I enforce the maxAge for the cookie to persist for 90 days?
Here try this.
    app.use(cookieParser(config.secret));
    app.use(
        session({
            // Cookie Options
            maxAge: 90 * 24 * 60 * 60 * 1000,
            secret: config.secret,
            signed: true,
            resave: true,
        })
    );

How can I write and read custom data from express-session using typescript?

I'm trying to insert my data (like login or id) into a session.
But when I'm writing req.session.login, TypeScript returns an error:
"Object is possibly 'undefined'." I tried everything and looked for an answer on Google, but I didn't find anything.
Here is my 'src/app.ts', included in the simple start file 'bin/www.js'.
    import * as express from "express";
    import * as session from 'express-session';
    import * as cookieParser from "cookie-parser";
    let app: express.Application = express();
    app.use(cookieParser("sssh!"));
    app.use(session({
        secret: 'sssssh! That\'s the secret',
        name: 'session',
        resave: false,
        saveUninitialized: true,
        cookie: {
            path: '*',
            maxAge: 60 * 60 * 1000,
            expires: new Date(Date.now() + (3 * 60 * 60 * 1000))
        }
    }));
    app.use("/test", (req: express.Request, res: express.Response, next: express.NextFunction) => {
        let ses = req.session;
        // Here I want to do something similar to cookies,
        // like req.session.login = "login" or ses.login = "login"
        res.cookie('name', "lastname");
        console.log(req.cookies);
        res.send(req.session);
    });
If I'm not wrong, this declaration (req.session.login = "login") should work in a normal JavaScript file.
I'm sure that I missed something important here.

Why is my session expiring every time I close the browser?

I set up the session maxAge of express like documented.
Here is my code:
    app.use(session({
        secret: process.env.SESSION_SECRET,
        saveUninitialized: true,
        resave: true,
        maxAge: 1000 * 60 * 60 * 24 * 365,
        store: new MongoStore({mongooseConnection: mongoose.connection})
    }));
But every time I close the browser, I find myself logged out.
Also, note that I am using Passport local, facebook, and google authentications.
They all expire.
In the console, I can see that the connect.sid in the expires/maxAge section lists "Session" while other cookies have dates...
What am I doing wrong?
You need to configure your express-session and set maxAge on the session cookie:
    app.use(express.session({
        cookie: {
            maxAge: 1000 * 60 * 60 * 24 * 365
        },
        store: new MongoStore({mongooseConnection: mongoose.connection})
    }));
    //.....
    app.use(passport.session());
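Added example (not part of any post above): a small Node.js check that reads a `Set-Cookie` header the way the DevTools "Expires / Max-Age" column does, reporting whether the cookie is a session cookie or a persistent one and which of HttpOnly, Secure and SameSite are absent. The function names and the sample headers are constructed for illustration.

```javascript
// Split "name=value; Attr; Attr=val" into name, value and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = new Map();
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs.set(key, i === -1 ? true : part.slice(i + 1));
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Lifetime in seconds, or null for a session cookie. Max-Age wins over Expires (RFC 6265).
function lifetimeSeconds(attrs, nowMs) {
  if (attrs.has('max-age') && /^-?\d+$/.test(attrs.get('max-age'))) {
    return Number(attrs.get('max-age'));
  }
  if (attrs.has('expires')) {
    const t = Date.parse(attrs.get('expires'));
    if (!Number.isNaN(t)) return Math.round((t - nowMs) / 1000);
  }
  return null;
}

// Report lifetime and missing hardening attributes for one Set-Cookie header.
function auditCookie(header, nowMs = Date.now()) {
  const { name, attrs } = parseSetCookie(header);
  const lifetime = lifetimeSeconds(attrs, nowMs);
  const findings = [];
  if (lifetime === null) findings.push('session cookie: no Expires or Max-Age, dropped when the browser closes');
  if (!attrs.has('httponly')) findings.push('HttpOnly missing: readable from page JavaScript');
  if (!attrs.has('secure')) findings.push('Secure missing: may be sent over plain HTTP');
  if (!attrs.has('samesite')) findings.push('SameSite missing: browser default applies');
  return { name, persistent: lifetime !== null, lifetimeSeconds: lifetime, findings };
}

// Constructed sample headers (not captured from any of the applications above).
const NOW = Date.parse('Thu, 01 Jan 2026 00:00:00 GMT');
const SAMPLES = [
  'connect.sid=s%3Aexample.sig; Path=/; HttpOnly',
  'connect.sid=s%3Aexample.sig; Path=/; Expires=Fri, 01 Jan 2027 00:00:00 GMT; HttpOnly; Secure; SameSite=Lax',
  'session=1; Max-Age=432000; Path=/',
];
for (const h of SAMPLES) console.log(auditCookie(h, NOW));
```

Express takes `maxAge` in milliseconds, while the `Max-Age` attribute on the wire is in seconds, so the five-day value from the first question appears as 432000.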

Node.js express-session regenerates itself new session ID and sets new sid cookie after expiry

    session = require('express-session')
    RedisStore = require('connect-redis')(session)
    @use \json, session: { secret: 'secret', store: new RedisStore, httpOnly: true, expires: new Date(Date.now() + 10 * 1000), cookie: { expires: new Date(Date.now() + 10 * 1000), maxAge: 10000 } } ,'bodyParser',@app.router
My post-login action is as follows; here I am printing the @request.session on the console:
    @post '/_login': ->
        console.log @request.session
If I refresh my post-login page after 10 seconds of session expiry or click on any other link inside my application, it generates a new sid by itself and assigns/resets the cookie on the client.
If the session expires, I don't want it to regenerate the session itself and pass a new sid to the browser.
What's wrong here? Please help.
Thanks.
