Node + Express Session Expiration?

javascript node.js session express
44,428

Solution 1

You can use expires attribute instead of maxAge. It takes Date object as value. Also, check session cookie exipres on client after they set. Maybe session ended by server (i.e. memcached restart).

Code example: 

app.use(express.session(
  { secret: "secret", store: new MemoryStore(), expires: new Date(Date.now() + (30 * 86400 * 1000)) 
  }));

but 

  app.use(express.session(
    { secret: "secret", store: new MemoryStore(), maxAge: Date.now() + (30 * 86400 * 1000) 
    }));

works fine for me too.

Solution 2

The accepted answer by @Vadim Baryshev is flawed in at least the most recent express-session implementations. When your app starts up you create the session implementation and set the max age. As for the answer using expires, that is not recommended, stick with maxAge.

This means that the maxAge example as written would expire every single session a month after the server starts, and every session created in the future would be expired immediately. Until the server was restarted, there would not be any valid sessions.

Instead of passing a date object, just pass the number of milliseconds to the maxAge property like so:

app.use(
  session({
    ...,
    cookie: {
      maxAge: 30 * 24 * 60 * 60 * 1000
    }
  })
);

Solution 3

maxAge means how long the session lasts, in ms; expires means when the session gonna expire, ie: a date object

var hour = 3600000
req.session.cookie.expires = new Date(Date.now() + hour)

or

var hour = 3600000
req.session.cookie.maxAge = hour

Documentation

Solution 4

The documentation does not recommend setting cookie.expires directly. Instead, set cookie.maxAge directly.

Express session - cookie.expires

Share:
44,428
Admin
Author by

Admin

Updated on July 05, 2022

Comments

  • Admin
    Admin almost 2 years

    I have an app in express and I have a login form. I need sessions to last for 1 month do I set maxAge to a month in milliseconds.

    I left two computers on and logged in for 24 hours and when I came back both were logged out.

    How do I fix this/achieve what I'm trying to do? Thanks.

  • Admin
    Admin almost 12 years
    Could you give me an example of how to use the expires attribute?
  • Vadim Baryshev
    Vadim Baryshev almost 12 years
    app.use(express.session({ secret: "secret", store: new MemoryStore(), expires: new Date(Date.now() + (30 * 86400 * 1000)) })); but app.use(express.session({ secret: "secret", store: new MemoryStore(), maxAge: Date.now() + (30 * 86400 * 1000) })); works fine for me too.
  • rdrey
    rdrey almost 12 years
    the MemoryStore only stores sessions for as long as the express App is running. So if you restart your server at any point, the cookies aren't linked to an in-memory session any more and express will make your users sign in again.
  • Stevie
    Stevie over 10 years
    Maybe I misunderstand how this works, but ... the "expires" example will set an expiry date relative to when the app is started, so one month after the app starts all sessions will immediately expire (incl. any new sessions created after this point)? and the maxAge example sets an age which is (current-offset-from-epoch + 30 days in millis) which is about 44 years from when the app starts ... shouldn't they be wrapped in functions or something?
  • Janac Meena
    Janac Meena almost 6 years
    The docs suggest not to use expires, and to prefer using maxAge: npmjs.com/package/express-session#cookieexpires
  • Daniel Carpio Contreras
    Daniel Carpio Contreras over 5 years
    Why do you set "maxAge: Date.now() + (30 * 86400 * 1000)" in your example? I mean, why the expression "Date.now()" at start? According to docs npmjs.com/package/express-session#cookiemaxage It says "This is done by taking the current server time and adding maxAge milliseconds to the value to calculate an Expires datetime."
  • MartyBoggs
    MartyBoggs almost 5 years
    Daniel's right. The maxAge property should not include a Date.now() component.
  • krivar
    krivar over 4 years
    You're mixing up maxAge and expires again. 6 years old answer, still incorrect :D Read Dong's answer: stackoverflow.com/a/30562724/1905229
  • Sgnl
    Sgnl almost 4 years
    downvoted - expires is not recommended to be used and using Date.now() is not correct

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

req.session undefined and req.session.user_id not working
Expressjs doesn't destroy session
How is the express req.session object persisted?
Sessions won't save in Node.js without req.session.save()
How to send flash messages in Express 4.0?
Nodejs Express3 using sessions to check if user is logged in
Cannot access req.session variables in Express/NodeJS
Property `user` does not exist on type `Session & Partial<SessionData>`
Flutter How can download pdf file from api
UnhandledPromiseRejectionWarning: Unhandled promise rejection in _.map in NodeJs