3

In node I have a https server, and I use sessions with a maxage value, here's the code:

app.use(express.cookieParser());
app.use(express.session({ 
  secret: 'secret stuff',
  store: sessionStore,
  cookie: { 
    secure: true,
    maxAge: 60 * 1000 //1 minute
  } 
}));

I want a functionality like if the user visits the site within maxAge period (1 min in this case) the cookie timer starts over again, and he/she has 1 minute left to loose it's session id.

I see that the req.session._expires is updated (by the session middleware), but the cookie is left as it is. So the cookie will expire, a new session id connect.sid will be generated.

How can I achieve this? I thought it's automatically done by the session middleware, but seems like the expiration of cookie and expiration of session are two different things, than what session._expires is it for?

Edit

Here DanielBaulig word my problem better. As Marc B wrote in the comments the cookie expires, so the session became orphaned. That's what I want to avoid, I want to renew the cookie, when the session is touched.

balazs
  • 5,698
  • 7
  • 37
  • 45
  • 1
    cookie lifetime sets how long a cookie should live within the user's browser. session lifetime sets how long a session should live on the server. it is possible to have either of them expire independently of the other. – Marc B Oct 11 '12 at 15:42
  • @MarcB clear, thanks, so If I'm right I should update my cookie myself, or leave it null, and set a maxAge for the session (that will be another question. :) ). – balazs Oct 11 '12 at 15:47
  • 1
    if a user's cookie expires, the corresponding session file becomes orphaned and the user is "logged out". if the session file is expired, the user is also "logged out", even though they have what used to be a valid session cookie. – Marc B Oct 11 '12 at 15:58
  • @MarcB Your comments answered my question, if you post it as an answer I can accept it. – balazs Oct 12 '12 at 11:07

1 Answers1

2

Try 

 cookie: { 
    secure: true,
    expires: new Date(Date.now() + 60 * 1000), // plus 1 minute
    maxAge: 60 * 1000 //1 minute
 }

I'm thinking the expires Date isn't being reset properly.

Gloopy
  • 37,767
  • 15
  • 103
  • 71
Robert Peters
  • 3,814
  • 1
  • 17
  • 9
  • This won't work, as explain here: http://stackoverflow.com/questions/15016551/node-js-express-passport-cookie-expiration it will set the expiration date 1 minute after server start which will very soon be in the past. – standup75 Sep 16 '15 at 12:52