Node.JS with RedisStore session timeout - node.js

i'm using Redis to store sessions in my node.js app, hosted on heroku, but redis is keeping the session stored, how can i make them expire automatically?
My express app is configured this way:
var app = express.createServer(
express.static(__dirname + '/public', { maxAge: 31557600000 }),
express.cookieParser(),
express.session({ secret: 'secret', store: new RedisStore({
host: 'myredishost',
port: 'port',
pass: 'myredispass',
db: 'dbname'
})})
);

As the Connect session middleware docs state, you need to set the maxAge property on the cookie object:
express.session({ secret: 'secret', store: ..., cookie: { maxAge: 60000 }});
Read more about that here: http://senchalabs.github.com/connect/middleware-session.html

They will expire based on the cookie if you're using req.session.cookie.maxAge.

Related

Node JS: Update Redis TTL

I hope that I can update Redis's TTL when the user is still active so that the user won't auto logout after 15 mints
Below is my code to save the user session
const session = require('express-session');
const redisStore = require('connect-redis')(session);
const redis = require("redis");
var client = redis.createClient();
var app = express();
app.use(session({
secret: 'MY_SECRET',
store: new redisStore({
host: '127.0.0.1',
port: 6379,
client: client,
ttl: 900
}),
saveUninitialized: true,
resave: true,
cookie: {
secure: true,
maxAge: 1500
}
}));
My question is, how do I extend the TTL when the user is still active in my website?
resave: true means that the socket will resave (and reset the TTL) every time the user hits the API. See express-session docs.

Res header contaisn set Cookie but browser isn't storing it

I'm using express-session to store session cookie. I can see Set-Cookie connect.ssid under the response header but for some reason it is not getting stored in the cookie.
I'm wondering if this is a CORS issue, my app file looks like this. Should I change something here to make it work.
const session = require('express-session');
const config = require('config');
var MemoryStore = require('memorystore')(session);
module.exports = function (app) {
// app.use(
// session({
// secret: 'key sign',
// resave: false,
// saveUninitialized: false
// })
// );
app.use(express.json());
app.use(cors({ credentials: true }));
enter code here
app.set('trust proxy', 1);
app.use(
session({
saveUninitialized: false,
cookie: { maxAge: 86400000 },
store: new MemoryStore({
checkPeriod: 86400000
}),
resave: false,
cookie: { secure: false },
secret: config.get('sessionStorage')
})
);
app.use('/api/users', users);
Here is how I fixed this.
Add SSL to both frontend and backend.
If it is self-signed, ensure browser trust it. For example, if you're using mac, go to keychain, select specific certificate and select always trust option.
Restart the system. Only then SSL will be properly set otherwise there would still be insecure badge in the navigations.

Express session create new session every request

I been search a lot and dont found solutions,
when I send request in postman everything goes well
but in my react app every request I send i get new session and I lossing my User info (using passport)
there is my backend session configuration:
app.use(cors({
credentials: true,
origin: 'http://localhost:3000',
methods:['GET','POST', 'DELETE', 'PUT'],
}));
//SESSION CONFIGURATION
const sessionStore = new MongoStore({
mongooseConnection: connection,
collection: 'sessions'
})
const sessionConfig = {
store: sessionStore,
secret: process.env.SESSION_SECRET,
resave: false,
saveUninitialized: true,
cookie: { maxAge: 3600000, httpOnly: true, secure: false}
};
app.use(session(sessionConfig));
there is my axios configuration (fontend):
const instance = axios.create({
baseURL: 'http://127.0.0.1:5000/',
withCredentials: true
});
I really exhausted from this problem need some help thanks in advance
UPDATED
problem not solved but I see that my client side dont store any coockie in the browser and I get the coockie in the auth response

What is the best time to set MaxAge for my cookies in my REST Api

What is conventional time to set (MaxAge) for my cookies in my Rest Api and I am using connect-mongo package to save the session on My mongodb, How do i destroy of delete the session from my mongodb once the user logged out.
The setup for my cookie is
app.use(session({
secret: 'secret',
resave: false,
saveUninitialized: true,
store: new MongoStore({
mongooseConnection: mongoose.connection
}),
cookie: {
maxAge: 60000 * 30
}
}));
And the for the authentication am using passport

Redis Cloud for sessions in node heroku app

I have an express app that was using redis cloud to store sessions in Heroku. It was working fine a few months ago, but I have just revisited it and it is no longer working. It seems there is no session, and throws the error TypeError: Cannot read property 'user' of undefined, the offending line of code is
if (!req.session.user) {
...
...
}
Maybe I'm configuring things incorrectly
var session = require('express-session');
var RedisStore = require('connect-redis')(session);
var redis = require('redis-url').connect(config.redis_url);
var sessionMiddleware = session({
store: new RedisStore({
host: config.redis_host,
port: config.redis_port
}),
secret: 'Its a secret.',
cookie: { secure: true },
saveUninitialized: true,
resave: true
});
The corresponding config file is
module.exports = {
mongo_url: process.env.MONGOLAB_URI || 'mongodb://127.0.0.1:27017/psa',
redis_url: process.env.REDISCLOUD_URL || 'redis://localhost:6379',
redis_host: taken from process.env.REDISCLOUD_URL,
redis_port: taken from process.env.REDISCLOUD_URL,
port: process.env.PORT || 5000
};
This works locally forman start web when I define the session middleware as follows
var sessionMiddleware = session({
secret: 'VkWdLXauq6ya',
saveUninitialized: true,
resave: true,
store: new RedisStore({
client: redis
}),
cookie: {
path: '/',
maxAge: 3600000
},
name: 'sessionCookie'
});
Are you using the cookieParser middleware? You'll need:
app.use(express.cookieParser());
Seems like it is similar to this other stackoverflow question.
How are you using the created session middleware? eg:
var sessionMiddleware = session({
That creates a Function that can be used in your express stack. However, it does nothing until you actually use it, like:
var app = express();
app.use(sessionMiddleware);

Resources