I'm on NodeJS, Express app i am using cookies for some features of my app. I need to set cookie life to one month.
For this very purpose i've set cookie maxAge to days*hoursPerDay*minutesPerHour*secondsPerMinute*1000 to achieve one month time 30*24*60*60*1000 = 2592000000.
Yet in browser expiry of my cookies is near 10 hours.
What am i missing, my calculations are wrong? or I am using wrong attribute(maxAge)?
Also what is the difference between maxAge and expiry attribute of cookies?
As far as i know, maxAge wont save in cookie's specifications.
As Don't trust Cookie setMaxAge demonstrated, The mechanism of maxAge works like Change/manipulate expiration date of cookie (based on SERVER_SIDE) but browser checks cookie's expiration date, based on CLIENT_SIDE.
From my point of view, This is misbehavior. Because in order to make max-age work as expected, both client/server DateTime should be synchronized.
maxAge should be set in milliseconds ( i was wrong, as i referred to client part)
https://developer.mozilla.org/en-US/docs/Web/API/document.cookie
are you setting coolie like below?
res.cookie('rememberme', '1', { maxAge: 900000, httpOnly: true })
http://expressjs.com/api.html#res.cookie
Related
I want to expire session when the browser is closed.
I'm using res.cookie('testlocale', 'en', { maxAge: 900000, httpOnly: true });
Also which event should i use in front end(onbeforeunload or onunlod)
I'm not able to understand how to do this. I'm using handlebars in front-end
If you use express-session.
You can set expires: false.
req.session.cookie
Each session has a unique cookie object accompany it. This allows you to alter the session cookie per visitor. For example we can set req.session.cookie.expires to false to enable the cookie to remain for only the duration of the user-agent.
From docs
If you want to manually delete cookies on frontend, I think both are good fit. But I'm not sure it's good idea.
How can I set a cookie that is not removed when the browser is closed?
The docs of res.cookie show option parameters you can pass to the method but I haven't been able to find a configuration that makes the cookie persist after closing the browser.
res.cookie('name', 'spence', { expires: 0 });
Simply set the expires parameter to some value in the future and the cookie will persist. I was getting hung up in the docs because what I thought I wanted was a "session cookie" but like its name implies, a session cookie only lasts for the duration of the browser session.
While it isn't possible to have a cookie to persist indefinitely, you can essentially do the same thing by setting the cookie to expire on some date far in the future.
var farFuture = new Date(new Date().getTime() + (1000*60*60*24*365*10)); // ~10y
res.cookie('name', 'spence', { expires: farFuture });
I have an Express 4.x app, and I pass a cookie to the browser with
res.cookie('foo','bar1', {maxAge:99999999999});
it expires in the distant future. However, 5 minutes later, I get another request from the same user, and I want to give them a new cookie.
res.cookie('foo','bar2', {maxAge:99999999999});
From my debugging, it looks like the new cookie doesn't overwrite the old cookie? Is that the case? How can I update/overwrite the old cookie with the new one?
I am about 99% certain that using the {overwrite: true} property will do the trick - from here:
https://www.npmjs.com/package/cookies
it says:
cookies.set( name, [ value ], [ options ] ) This sets the given cookie
in the response and returns the current context to allow chaining.
If the value is omitted, an outbound header with an expired date is
used to delete the cookie.
If the options object is provided, it will be used to generate the
outbound cookie header as follows:
maxAge: a number representing the milliseconds from Date.now() for
expiry expires: a Date object indicating the cookie's expiration date
(expires at the end of session by default). ... overwrite: a boolean
indicating whether to overwrite previously set cookies of the same
name (false by default). If this is true, all cookies set during the
same request with the same name (regardless of path or domain) are
filtered out of the Set-Cookie header when setting this cookie.
So that would be, in Node.js Express parlance:
res.cookie('cdt_app_token', encoded, {maxAge: 90000000, httpOnly: true, secure: false, overwrite: true});
Note that if you are using a non SSL or non TLS connection, cookies may not work if secure is true.
I've setup a cookie with ctx.cookie.set('jwt', 'abcd', { expires: new Date(xxx) }), but now I need to grab that cookie again and get it's expiry date, how can I do that?
All the options I can see for ctx.cookie.get('jwt') only get the value of the cookie, not any of its options.
There is no way to view the expiration date of a cookie. It simply will not exist in the cookies collection once it has expired. If you truly require the specific date of expiration, you could store it in a separate cookie.
Maybe i did not understand right how connect-mongo works.
When i set
app.use(express.session({
secret: '1234567890QWERTY',
cookie: {maxAge: 1000 * 60},
store: new MongoStore({
db: "DB"
}),
})
This suggest that the session expire after 1 minute.
But my doubt is: if the user refresh the page and on Mongo the session is refreshes too, why after 1 minute the mongo remove the entry?
I want expire the session after 1 minute, but only when user exit or stop interact with browser.
What is the better form to use session how i need?
Thanks.
add:
Oficial Doc
Note: By connect/express's default, session cookies are set to expire when the user closes their browser (maxAge: null). In accordance with standard industry practices, connect-mongo will set these sessions to expire two weeks from their last 'set'. You can override this behavior by manually setting the maxAge for your cookies -- just keep in mind that any value less than 60 seconds is pointless, as mongod will only delete expired documents in a TTL collection every minute.
Well i got the solution
Ref: Express.js and connect-mongo session duration
Ref: https://github.com/senchalabs/connect/issues/670
Ref: https://github.com/fealaer/liltael.com/issues/4
thanks #Ivan