
I'm using Express.js with mongoStore and csrf, and I want to maintain the login session for 24 hours.

So my Express configuration file looks like this:

```javascript
// express/mongo session storage
app.use(express.session({
  secret: pkg.name,
  store: new mongoStore({
    url: config.db,
    collection : 'sessions',
    auto_reconnect: true
  }),
  cookie:{
    maxAge  : new Date(Date.now() + 3600000*24) //1 Hour = 3600000
  }
}))

// adds CSRF support
app.use(express.csrf())
```

And it works, maintaining the login session for 24 hours. The problem is that the CSRF session token also changes. Thus, 24 hours after the first login, a CSRF error occurs on my website.

Is there any way to maintain the user login session without the CSRF error? Thanks in advance! :D

Alvaro
Eun Bit Hwang
  • After trying some options, I think the problem is the missing `expires` and the wrong setting of `maxAge`. It works fine so far. `cookie: { expires: new Date(Date.now() + 3600000*24*15), maxAge: 3600000*24*15 }` – Eun Bit Hwang Apr 07 '14 at 03:48
  • Refer to the [documentation](https://github.com/expressjs/session#cookieexpires); just set the `maxAge` option. If both `expires` and `maxAge` are set, the last one is used. – dehamzah Feb 12 '17 at 03:15
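
The question and comments turn on whether `maxAge` is a relative duration or an absolute date. As an added example (not part of the original thread and not express-session's own code), the model below assumes a numeric `maxAge` counts from session creation while a `Date` is taken as an absolute expiry, and compares the session lifetime under each setting; the function names and the timeline are constructed for illustration.

```javascript
// Simplified model (an assumption, not express-session source code):
// a numeric maxAge is relative to the moment the session cookie is created,
// while a Date is treated as an absolute expiry time.
const HOUR_MS = 3600000;
const DAY_MS = 24 * HOUR_MS;

// Hypothetical helper: absolute expiry of a cookie created at `createdAt` (ms).
function cookieExpiry(maxAge, createdAt) {
  if (typeof maxAge === 'number') return new Date(createdAt + maxAge);
  if (maxAge instanceof Date) return maxAge;
  throw new TypeError('maxAge must be a number of milliseconds or a Date');
}

// Hypothetical helper: how long a session created at `createdAt` stays valid.
function lifetimeMs(maxAge, createdAt) {
  return cookieExpiry(maxAge, createdAt).getTime() - createdAt;
}

// Constructed timeline: the app boots at bootTime; users log in 1 h and 23 h later.
const bootTime = Date.UTC(2014, 3, 1, 0, 0, 0);
const logins = [bootTime + 1 * HOUR_MS, bootTime + 23 * HOUR_MS];

// As in the question: the Date is evaluated once, when the config is loaded.
const asDate = new Date(bootTime + DAY_MS);
// Relative duration: every session gets its own 24 hours.
const asNumber = DAY_MS;

// Session lifetime in hours for each login under both settings.
function report() {
  return logins.map((t) => ({
    loginAfterBootH: (t - bootTime) / HOUR_MS,
    dateConfigH: lifetimeMs(asDate, t) / HOUR_MS,
    numberConfigH: lifetimeMs(asNumber, t) / HOUR_MS,
  }));
}

console.table(report());
```

Under this model a `Date` built at startup gives every session the same fixed deadline, so later logins get shorter sessions, whereas the numeric form gives each login a full 24 hours.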

0 Answers