ExpressJS session expiring despite activity

node.js session express session-cookies
13,603

Solution 1

Here is the solution in case anyone else has the same issue:

function (req, res, next) {

    if ('HEAD' == req.method || 'OPTIONS' == req.method) return next();

    // break session hash / force express to spit out a new cookie once per second at most
    req.session._garbage = Date();
    req.session.touch();

    next();

}

Solution 2

Rolling sessions now exist in express sessions. Setting the rolling attribute to true in the options, it will recalculate the expiry value by setting the maxAge offset, applied to the current time.

https://github.com/expressjs/session/issues/3

https://github.com/expressjs/session/issues/33

https://github.com/expressjs/session (search for rolling)

For example, note the rolling:

app.use(session({
  secret: 'a secret',
  cookie: {
    path: '/',
    httpOnly: true,
    secure: false,
    maxAge: 10 * 60 * 1000
  },
  rolling: true
}));
Share:
13,603

Related videos on Youtube

jckdnk111
Author by

jckdnk111

Updated on July 05, 2022

Comments

  • jckdnk111
    jckdnk111 almost 2 years

    Bringing this question to SO since the express group didn't have an answer.

    I'm setting the session maxAge = 900000 and I see that the the expires property on the session cookie is set correctly. However, on subsequent requests the timeout is not being extended. It is never extended and the cookie eventually expires.

    The session middleware docs say that Session#touch() isn't necessary because the session middleware will do it for me. I actually tried calling req.session.touch() manually and that did nothing, I also tried setting the maxAge on the req.session.cookie as well and that did nothing :-(

    Am I missing a setting somewhere to automatically extend active sessions? Short of recreating the cookie manually on each request is there any other way to extend a session timeout after end-user activity?

    EDIT: I experienced this problem in express v3. I'm not 100% sure but I think this note from the express changelog may have been the culprit:

    • HILARUDEEN S ALLAUDEEN
      HILARUDEEN S ALLAUDEEN over 11 years
      I have used express 2.x in one of my project last one year. It's working as awesome on handling session-cookie and more there is a lot of things to focus in this case. You have to confirm with your cookies properties like path, protocal(http only) and secure. In general, any HTTP transaction will expect the cookie which is set by previous request for further process of authentication. So do some debug in client(Browser) by using firebug or Chrome debugger.And Post your code snippet to give more relevant answer
    • UpTheCreek
      UpTheCreek over 8 years
      @jckdnk111 - that changelog link seems to have gone - do you have another?
  • UpTheCreek
    UpTheCreek almost 11 years
    Shouldn't this be reported as a bug?
  • jckdnk111
    jckdnk111 almost 11 years
    I asked about it on the forums and no one seemed to think so. I suppose it could be thought of as a feature since you actually have control over when to extend or not extend the session.
  • UpTheCreek
    UpTheCreek almost 11 years
    Seems like strange default behaviour to me!
  • Igor Malyk
    Igor Malyk over 10 years
    Indeed, it is counter intuitive at least. Spent an hour trying to figure out why it doesn't work out of the box despite the manual session.touch() call. Thanks a lot man.
  • Chris Foster
    Chris Foster over 10 years
    There is a bug report about this behaviour: github.com/senchalabs/connect/issues/670
  • Piyush Beli
    Piyush Beli over 7 years
    This should be the accepted answer as per the latest config option provided by express-session module.
  • Admin
    Admin over 5 years
    What is this mean req.session._garbage = Date(); ??
  • PirateApp
    PirateApp over 4 years
    upvoted! what is the value of resave in your setting? does it being false or true affect rolling?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Express 4 Sessions not persisting when restarting server
Setting Node.js Express session expiration time in SessionStore in stead of in cookie
when should I use cookie-parser with express-session?
req.session.destroy() not working in Nodejs
Redis error: Error: Redis connection to 127.0.0.1:6379 failed - connect ECONNREFUSED 127.0.0.1:6379
NodeJS express-session req.session is undefined
req.session undefined and req.session.user_id not working
NodeJS + Express + Mongo Session storage
Expressjs doesn't destroy session
How to make the session expire after a browser close in node.js with express?