I decided to use express session instead of cookie session so that I can use the rolling option which is only available in express session that allows me to only sign out users based on inactivity.
Here is my setting:
    app.use(session({
        secret: [keys.session.secret],
        cookie: {
            path: '/',
            httpOnly: true,
            secure: false,
            maxAge: 1200000 // 20 minutes
        },
        rolling: true,
        resave: true,
        saveUninitialized: true
    }));
I have set the maxAge to 20 minutes, but I keep getting signed out every 3-4 minutes and I am not sure why.
Related
I use express-session with an OAuth library, but it seems there is some problem saving session data while interacting with the OAuth server.
Is there a way to identify a possible session-saving problem?
I init a session in this way:
    app.set("trust proxy", 1)
    app.use(session({
        secret: 'secret',
        resave: true,
        saveUninitialized: true,
        cookie: {
            secure: false,
            httpOnly: false,
            sameSite: false,
            maxAge: 30 * 24 * 60 * 60 * 1000,
        }
    }));
I try to debug the code, but don't find the source of the problem.
I am trying to use express-session with the Windows IIS server, but I am not receiving cookies at the frontend. I set the following configuration for express-session. Please help me if anyone knows the issue. On localhost, it is working fine.
    app.use(session({
        genid: function(req) {
            return v4() // use UUIDs for session IDs
        },
        store: new MemoryStore({
            checkPeriod: 60 * 60000 // prune expired entries every 60 minutes
        }),
        resave: true,
        saveUninitialized: false,
        proxy: true,
        secret: 'abcdef',
        rolling: true,
        cookie: { httpOnly: true, sameSite: "none", secure: true, maxAge: 20 * 60000 } // 20 minutes
    }))
The server runs on express (4.16.3), with the express-session (1.15.6) module.
Code:
    // ...
    app.use(session({
        secret: 'mySecret',
        resave: false,
        saveUninitialized: true,
        store: new MongoDBStore({
            uri: 'my-url',
            collection: 'sessions'
        })
    }))
    // ...
The essence of the problem: I open the Yandex browser and a session is assigned, then I close it, and when I reopen it there is a new session. The issue is that authorization is tied to sessions.
The problem is observed in the Yandex browser, Microsoft Edge and in all mobile browsers, while in Chrome and Opera it works correctly.
Help me solve the problem, or maybe something can replace the express-session module.
This is happening because, by default, your browser expires the cookie when the browser is closed. In order to fix it you can add cookie: { maxAge: 60000 } to your session.
    app.use(session({
        secret: 'mySecret',
        resave: false,
        cookie: { maxAge: 60000 },
        saveUninitialized: true,
        store: new MongoDBStore({
            uri: 'my-url',
            collection: 'sessions'
        })
    }))
If you want the cookie to not expire, the best way is to set a large number.
    // this will expire in 200 years
    cookie: { maxAge: 9000000000000 }
Or set a very far future date in the expires property.
    // this will expire in year 9999
    cookie: { expires: new Date(253402300000000) }
I set up the session maxAge of express like documented.
Here is my code:
    app.use(session({
        secret: process.env.SESSION_SECRET,
        saveUninitialized: true,
        resave: true,
        maxAge: 1000 * 60 * 60 * 24 * 365,
        store: new MongoStore({ mongooseConnection: mongoose.connection })
    }));
But every time I close the browser, I find myself logged out.
Also, note that I am using Passport local, facebook, and google authentications.
They all expire.
In the console, I can see that the connect.sid in the expires/maxAge section lists "Session" while other cookies have dates...
What am I doing wrong?
You need to configure your express-session and set maxAge on the session cookie:
    app.use(express.session({
        cookie: {
            maxAge: 1000 * 60 * 60 * 24 * 365
        },
        store: new MongoStore({ mongooseConnection: mongoose.connection })
    }));
    //.....
    app.use(passport.session());
So I'm using express-session with a mongo store like so:
    app.use(session({
        secret: 'some secret here',
        saveUninitialized: false,
        resave: false,
        store: new MongoStore({
            url: 'http://someurlhere'
        })
    }));
I have some login middleware in which, after a successful login, I want to set the session cookie expiry time.
So I am testing with a 10 second expiry time right now using:
    req.session.cookie.expires = new Date(Date.now() + 10000);
I want the session expiry to reset for each subsequent request. Currently after 10 seconds have elapsed, no matter how many requests I have made after logging in, the session expires.
I feel like I have misunderstood something here!
EDIT
Ok so I missed the rolling config option in the docs, but even when I set this to true in my session config options, the same behaviour occurs:
    app.use(session({
        secret: 'some secret here',
        saveUninitialized: false,
        resave: false,
        store: new MongoStore({
            url: 'http://someurlhere'
        }),
        rolling: true,
        cookie: {
            maxAge: 10000
        }
    }));
I am now console logging the value of the cookie maxAge across my routes and see it decreasing as each subsequent request is made after logging in; it never resets back to 10000.
What am I doing wrong?
SOLVED
Ok so I came across a comment on this issue
I changed resave to true and it works as expected now.
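
As an added example (not code from any of the posts above or from express-session itself), this function audits an options object of the shape passed to session() for the cookie settings that recur in these questions: a lifetime placed outside cookie, a missing maxAge, secure: false, httpOnly: false and short literal secrets. The finding names, the 32-character secret threshold and the sample configs are constructed for illustration.

```javascript
// Added example: audit an express-session options object (plain data, no
// dependency on express). Finding codes and thresholds are assumptions.
const YEAR_MS = 365 * 24 * 60 * 60 * 1000;
const MIN_SECRET_CHARS = 32; // assumed floor for a random secret string

function auditSessionOptions(opts, now = Date.now()) {
  const cookie = opts.cookie || {};
  const findings = [];

  // Lifetime is read from cookie.maxAge / cookie.expires, never from opts.maxAge.
  if ('maxAge' in opts) findings.push('TOP_LEVEL_MAXAGE_IGNORED');
  const lifetime = cookie.maxAge != null ? cookie.maxAge
    : cookie.expires != null ? cookie.expires - now : null;
  if (lifetime === null) findings.push('BROWSER_SESSION_COOKIE'); // dropped on browser close
  else if (lifetime > YEAR_MS) findings.push('LIFETIME_OVER_ONE_YEAR');

  // Transport and script exposure of the session id.
  if (cookie.secure !== true && cookie.secure !== 'auto') findings.push('SENT_OVER_HTTP');
  if (cookie.httpOnly === false) findings.push('READABLE_BY_SCRIPT');
  if (String(cookie.sameSite).toLowerCase() === 'none' && cookie.secure !== true)
    findings.push('SAMESITE_NONE_WITHOUT_SECURE');

  // The secret signs the session id cookie; short literals are guessable.
  const secrets = [].concat(opts.secret || []);
  if (secrets.length === 0 || secrets.some((s) => String(s).length < MIN_SECRET_CHARS))
    findings.push('WEAK_SECRET');
  return findings;
}

// Constructed configs that mirror the shapes posted on this page.
const LONG_SECRET = 'x'.repeat(48); // stand-in for a random value from the environment
const samples = {
  idleTimeout: { secret: [LONG_SECRET], rolling: true,
    cookie: { path: '/', httpOnly: true, secure: false, maxAge: 1200000 } },
  oauth: { secret: 'secret',
    cookie: { secure: false, httpOnly: false, sameSite: false, maxAge: 30 * 24 * 60 * 60 * 1000 } },
  topLevelMaxAge: { secret: LONG_SECRET, maxAge: YEAR_MS },
  farFuture: { secret: LONG_SECRET, cookie: { secure: true, expires: new Date(253402300000000) } },
};

for (const [name, opts] of Object.entries(samples)) {
  console.log(name, auditSessionOptions(opts));
}
```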