I set up the session maxAge of express like documented.
Here is my code:
app.use(session({
  secret: process.env.SESSION_SECRET,
  saveUninitialized: true,
  resave: true,
  maxAge: 1000 * 60 * 60 * 24 * 365,
  store: new MongoStore({ mongooseConnection: mongoose.connection })
}));
But every time I close the browser, I find myself logged out.
Also, note that I am using Passport local, facebook, and google authentications.
They all expire.
In the console, I can see that the connect.sid in the expires/maxAge section lists "Session" while other cookies have dates...
What am I doing wrong?
You need to configure your express-session and set maxAge on the session cookie:
app.use(express.session({
  cookie: {
    maxAge: 1000 * 60 * 60 * 24 * 365
  },
  store: new MongoStore({ mongooseConnection: mongoose.connection })
}));
//.....
app.use(passport.session());
Related
I use express-session with an OAuth library, but it seems there is some problem saving session data while interacting with the OAuth server.
Is there a way to identify a possible session-saving problem?
I init a session in this way:
app.set("trust proxy", 1)
app.use(session({
  secret: 'secret',
  resave: true,
  saveUninitialized: true,
  cookie: {
    secure: false,
    httpOnly: false,
    sameSite: false,
    maxAge: 30 * 24 * 60 * 60 * 1000,
  }
}));
I try to debug the code, but don't find the source of the problem.
In my NodeJs / Express app, I'm using the standard session package and Passport to handle sessions and login. My problem is that the app kicks the user out after what feels like 10 minutes of inactivity, and forces them to log-in again. My assumption is that it must be something to do with the session configuration, which with my limited understanding, I think is configured to allow 2 hours:
const session = require("express-session");
const PostgreSqlStore = require("connect-pg-simple")(session);
const sessionAge = 2 * 60 * 60 * 1000; // hour, min, sec, millisecond
var sessionConfig = {
  name: "mysite",
  secret: "verysecret",
  resave: true,
  saveUninitialized: false,
  proxy: trustedTypes,
  cookie: {
    key: "cookieKey",
    secure: true,
    sameSite: false,
    httpOnly: true,
    maxAge: sessionAge,
  },
  store: new PostgreSqlStore({
    pgPromise: db,
    ttl: 2 * 60 * 60, //Hours, minute, seconds
  }),
};
app.use(session(sessionConfig));
Is there anything I'm doing wrong, or is there something else I should be looking at to find the cause of this behavior?
store: new PostgreSqlStore({
  pgPromise: db,
  ttl: 2 * 60 * 60, //Hours, minute, seconds
})
I think your PostgreSQL store ttl property should be equivalent to the maxAge property of the session config.
I've discovered that apparently although by default the session does get extended on the server, it won't send an updated cookie to the browser if nothing has changed in it. The missing property is the 'rolling' attribute.
var sessionConfig = {
  rolling: true,
  // ...
};
I am using code from Stripe's rocket rides to serve cookies and remember users:
const cookieParser = require('cookie-parser');
const session = require('cookie-session');
// ...
const app = express();
// Enable sessions using encrypted cookies
app.use(cookieParser(config.secret));
app.use(
  session({
    // cookie expiration: 90 days
    cookie: { maxAge: 90 * 24 * 60 * 60 * 1000 },
    secret: config.secret,
    signed: true,
    resave: true,
  })
);
The problem is that the cookies served are session cookies (I inspected them with Chromium Developer Tools) and deleted when the browser window closes. I checked that the live server of Rocket Rides also serves session cookies.
How can I enforce the maxAge for the cookie to persist for 90 days?
Here, try this.
app.use(cookieParser(config.secret));
app.use(
  session({
    // Cookie Options
    maxAge: 90 * 24 * 60 * 60 * 1000,
    secret: config.secret,
    signed: true,
    resave: true,
  })
);
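Added example (not part of any post above, and not code from express-session or cookie-session): a small checker for the option-placement mistakes in the two maxAge questions so far, plus the store TTL and rolling points raised in the answers. The function name auditSessionOptions and its finding names are made up for this illustration, and the sample inputs are constructed from the posted configurations.

```javascript
// Added example, not code from any post above. auditSessionOptions is a
// hypothetical helper; it is not part of express-session or cookie-session.

// Attributes express-session reads only from options.cookie, and
// cookie-session reads only from the top level of its options.
const COOKIE_ATTRS = ['maxAge', 'expires', 'path', 'domain', 'secure', 'httpOnly', 'sameSite'];

// library: 'express-session' or 'cookie-session'
// storeTtlSeconds: optional TTL of the server-side store, in seconds
function auditSessionOptions(library, options, storeTtlSeconds) {
  const nested = options.cookie || {};
  const isExpressSession = library === 'express-session';
  const effective = isExpressSession ? nested : options; // where the library looks
  const ignored = isExpressSession ? options : nested;   // where it does not
  const findings = [];

  for (const attr of COOKIE_ATTRS) {
    if (attr in ignored && !(attr in effective)) findings.push(`misplaced-${attr}`);
  }
  // Without maxAge/expires the cookie has no expiry date and is dropped
  // when the browser closes (shown as "Session" in dev tools).
  const persistent = effective.maxAge != null || effective.expires != null;
  if (!persistent) findings.push('browser-session-cookie');

  // httpOnly defaults to true in both libraries; false exposes the
  // session cookie to page scripts.
  if (effective.httpOnly === false) findings.push('cookie-readable-by-script');

  // A store record that expires before the cookie logs the user out early.
  if (effective.maxAge != null && storeTtlSeconds != null &&
      storeTtlSeconds * 1000 < effective.maxAge) {
    findings.push('store-expires-before-cookie');
  }
  // Informational: without rolling, express-session does not refresh the
  // cookie expiry on requests that leave the session unchanged.
  if (isExpressSession && persistent && !options.rolling) {
    findings.push('cookie-expiry-not-rolling');
  }
  return findings;
}

// Constructed inputs modelled on the configurations posted above.
const YEAR = 1000 * 60 * 60 * 24 * 365;
console.log(auditSessionOptions('express-session', { secret: 's', maxAge: YEAR }));
console.log(auditSessionOptions('express-session', { secret: 's', cookie: { maxAge: YEAR } }));
console.log(auditSessionOptions('cookie-session', { secret: 's', cookie: { maxAge: YEAR } }));
```

The cookie-readable-by-script finding applies to the configuration that sets httpOnly: false; the other findings map to the logout symptoms described in the questions.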
I decided to use express session instead of cookie session so that I can use the rolling option which is only available in express session that allows me to only sign out users based on inactivity.
Here is my setting:
app.use(session({
  secret: [keys.session.secret],
  cookie: {
    path: '/',
    httpOnly: true,
    secure: false,
    maxAge: 1200000 //20 minutes
  },
  rolling: true,
  resave: true,
  saveUninitialized: true
}));
I have set the maxAge to 20 minutes, but I keep on getting signed out every 3-4 minutes and I am not sure why.
I am currently building a REST API with Express backed by a Mongo database. At the moment, I have set up a simple authentication process which saves a session object in the Mongo database. Thing is, I don't send back anything to the client such as a session ID. Still, when I close the browser and open it again, then log req.session, I still get the user ID that I previously saved in the session. I was wondering how Express knows that it is the same client. If someone could clarify this for me, it would be great.
Here is how I set the session:
app.use(
  session({
    secret: "This is a secret",
    cookie: {
      maxAge: 1000 * 60 * 60 * 24 * 7 // 1 week
    },
    store: store,
    resave: true,
    saveUninitialized: true
  })
);