3

In a web app am developing using express.js am having a problem expiring sessions when a user has not been active for more than 10 minutes. Am using connect-couchdb as the session store.

I tried setting the req.session.cookie.maxAge = 600000. But this causes the session to expire 10 mins after logging in irrespective of user activity. My understanding of the documentation is that req.session.touch() will be called automatically by the connect middleware and hence maxAge (and the expires date) should get refreshed so it lasts another 10 mins, but it is not happening!!

I also tried setting maxAge to 600000 on each request and calling req.session.save() but even then there is no effect.

What am I doing wrong?

BartoszKP
  • 34,786
  • 15
  • 102
  • 130
Manokaran K
  • 320
  • 1
  • 2
  • 11
  • I am experiencing the same problem. Although it refreshes the maxage value with touch it does not actually send a header to the browser to refresh the cookie. Did you ever figure out the problem? – Zaptree Mar 24 '13 at 17:44
  • 1
    @Zaptree: Sorry for the delayed reponse. The problem has not been resolved and it is not high priority for now! But seeing the lack of responses to this, I somehow think am doing something trivially stupid for others to even point out :-) – Manokaran K May 14 '13 at 05:58

1 Answers1

1

You are not doing anything wrong---this is a bug in Connect. The session cookie gets updated in the server, but not pushed to the client, and so the client keeps trying to use the old cookie, which will expire sooner than you want.

More details and discussion here.

Jorge Aranda
  • 2,050
  • 2
  • 20
  • 29