I've seen lots of questions about this, but none of the answers has solved my issue. I'm using express-session
and I want the users session to remain alive as long as the user makes a request before the coookie MaxAge expires, hence I'm using the rolling
option. For testing I have the MaxAge expiration set to 30 seconds.
If I browse around with only a couple of seconds between clicks, the session appears to stay alive. If however I make a request then wait 20 seconds, the session expires and I get logged out even though I was well within the 30 seconds.
Here's how I have express-session
configured:
var express = require('express')
, cookieParser = require('cookie-parser')
, session = require('express-session');
var app = express();
app.use(cookieParser(EXPRESS_SECRET));
app.use(
session({
cookie: { maxAge : 30000 }, //in milliseconds. 30 seconds for testing
resave: false, //Save the session to store even if it hasn't changed
rolling: true, //Reset the cookie Max-Age on every request
saveUninitialized: false, //Don't create a session for anonymous users
secret: EXPRESS_SECRET,
store: new MongoStore({ mongooseConnection: mongooseConnection })
})
);
My expectation is that setting rolling
to true should allow me to continually remain logged in as long as I click at least once in less than every MaxAge.
Is there something else I have to do to get this working?
- This post suggested setting
resave
to true but it didn't change my results. - This post suggested setting httpOnly to false, but no change for me
- I've tried with
secure
both set to true and not set, with the same results (My site is https) - I've tried setting
saveUninitialized
to both true and false, with the same results. - express: 4.12.1
- express-session: 1.10.3
- cookie-parser: 1.3.5
Update:
So strange, Ive been hitting the same page every 15 seconds and monitoring the connect.sid
cookie in the Chrome browser tools, and it usually is reset by 30 seconds on every request but every now and then, it doesn't change when I make a request. Sure enough waiting another 15 seconds and the session expires and I'm logged out.
I've logged an issue with express-session
: https://github.com/expressjs/session/issues/391