In my NodeJs / Express app, I'm using the standard session package and Passport to handle sessions and login. My problem is that the app kicks the user out after what feels like 10 minutes of inactiviy, and forces them to log-in again. My assumption is that it must be something to do with the session configuration, which with my limited understanding, I think is configured to allow 2 hours:
const session = require("express-session");
const PostgreSqlStore = require("connect-pg-simple")(session);
const sessionAge = 2 * 60 * 60 * 1000; // hour, min, sec, millisecond
var sessionConfig = {
name: "mysite",
secret: "verysecret",
resave: true,
saveUninitialized: false,
proxy: trustedTypes,
cookie: {
key: "cookieKey",
secure: true,
sameSite: false,
httpOnly: true,
maxAge: sessionAge,
},
store: new PostgreSqlStore({
pgPromise: db,
ttl: 2 * 60 * 60, //Hours, minute, seconds
}),
};
app.use(session(sessionConfig));
Is there anything I'm doing wrong, or is there something else I should be looking at to find the cause of this behavior?
store: new PostgreSqlStore({
pgPromise: db,
ttl: 2 * 60 * 60, //Hours, minute, seconds
})
I think your PostgreSQL store ttl property should be equivalent to maxAge property of session config
I've discovered that apparently although by default the session does get extended on the server, it won't send an updated cookie to the browser if nothing has changed in it. The missing property is the 'rolling' attribute.
var sessionConfig = {
rolling: true,
Related
I have the following code using node js on heroku
app.use(cookieParser());
const expiresIn = 60 * 60 * 24 * 5 * 1000;
const options = {maxAge: expiresIn, httpOnly: false, secure: false};
res.cookie('session', 1, options);
I'm setting a cookie when someone logs in, but that cookie disappears after a short while on heroku using nodejs.
Unfortunately, after 5 minutes, the cookie "session" expires and req.cookies.session returns empty.
Can someone please help?
Hello I am fairly new to connect-mongodb-session library so I would love to know how I can access the collection of user sessions so that I can have a code logic to check if user session has expired so that I can remove it from collection.
I know with connect-mongo:
I can set it up like this below to check each hour for expired sessions and it automatically removes the expired sessions
const sessionStore = new MongoStore({
db: 'myappsession',
clear_interval: 3600
});
But now with connect-mongodb-session there's no prop 'clear_interval'
This is how my connect-mongodb-session store is made:
const mongoStore = MongoStore(expressSession);
const store = new mongoStore({
collection: "userSessions",
uri: process.env.mongoURI,
expires: 10 * 1000 * 24 * 60 * 60,
});
So when things are like this how can I go about this
var store=mongoDbStore({
uri:connectionString,
collection:"mySessions"
})
app.use(
session({
secret:key,
resave: true,
saveUninitialized:false,
cookie:{
maxAge:3600000
},
store:store
})
)
You can give a maxAge like above. This session will be terminated.
I am using code from Stripe's rocket rides to serve cookies and remember users:
const cookieParser = require('cookie-parser');
const session = require('cookie-session');
// ...
const app = express();
// Enable sessions using encrypted cookies
app.use(cookieParser(config.secret));
app.use(
session({
// cookie expiration: 90 days
cookie: {maxAge: 90 * 24 * 60 * 60 * 1000},
secret: config.secret,
signed: true,
resave: true,
})
);
The problem is that the cookies served are session cookies (I inspected them with Chromium Developer Tools) and deleted when the browser window closes. I checked that the live server of Rocket Rides also serves session cookies.
How can I enforce the maxAge for the cookie to persist for 90 days?
Here try this.
app.use(cookieParser(config.secret));
app.use(
session({
// Cookie Options
maxAge: 90 * 24 * 60 * 60 * 1000,
secret: config.secret,
signed: true,
resave: true,
})
);
The simple example on https://github.com/voxpelli/node-connect-pg-simple shows:
var session = require('express-session');
app.use(session({
store: new (require('connect-pg-simple')(session))(),
secret: process.env.FOO_COOKIE_SECRET,
resave: false,
cookie: { maxAge: 30 * 24 * 60 * 60 * 1000 } // 30 days
}));
But when I try it, node complains:
throw new Error('No database connecting details provided to
connect-pg-simple');
How do I specify the connection string?
// I was stuck with the same proble and solved it
// 1-) Connection details
const conObject = {
user: 'mehmood',
password: 'mehmood',
host: 'localhost',// or whatever it may be
port: 5432,
database: 'test_db'
};
// 2-) Create an instance of connect-pg-simple and pass it session
const pgSession = require('connect-pg-simple')(session);
// 3-) Create a config option for store
const pgStoreConfig = {
pgPromise: require('pg-promise')({ promiseLib: require('bluebird') })({
conObject }), // user either this
//conString: 'postgres://mehmood:mehmood#localhost:5432/test_db', // or this
// conObject: conObject,// or this,
// pool: new (require('pg').Pool({ /* pool options here*/}))// or this
}
// 4-) use the store configuration to pgSession instance
app.use(session({
store: new pgSession(pgStoreConfig),
secret: 'jW8aor76jpPX', // session secret
resave: true,
saveUninitialized: true,
cookie: { maxAge: 30 * 24 * 60 * 60 * 1000 } // 30 days
}));
// Share improve this answer
For me it worked like
conString:'postgres://postgres:password123#localhost:5432/edu';
So the format must be
conString:'postgres://<user>:<database_password>#<hostname>:<port>/<database_name';
For deploying you get a username. If you run on local machine then PostgreSQL
I set up the session maxAge of express like documented.
Here is my code:
app.use(session({
secret: process.env.SESSION_SECRET,
saveUninitialized: true,
resave: true,
maxAge: 1000* 60 * 60 *24 * 365,
store: new MongoStore({mongooseConnection:mongoose.connection})
}));
But every time I close the browser, I find myself logged out.
Also, note that I am using Passport local, facebook, and google authentications.
They all expire.
In the console, I can see that the connect.sid in the expires/maxAge section lists "Session" while other cookies have dates...
What am I doing wrong?
you need to configure your express-session, and set maxAge on session-cookie
app.use(express.session({
cookie : {
maxAge: 1000* 60 * 60 *24 * 365
},
store : new MongoStore({mongooseConnection:mongoose.connection})
});
//.....
app.use(passport.session());