3

I've seen lots of questions about this, but none of the answers has solved my issue. I'm using express-session and I want the users session to remain alive as long as the user makes a request before the coookie MaxAge expires, hence I'm using the rolling option. For testing I have the MaxAge expiration set to 30 seconds.

If I browse around with only a couple of seconds between clicks, the session appears to stay alive. If however I make a request then wait 20 seconds, the session expires and I get logged out even though I was well within the 30 seconds.

Here's how I have express-session configured:

var express = require('express')
, cookieParser = require('cookie-parser')
, session = require('express-session');

var app = express();
app.use(cookieParser(EXPRESS_SECRET));
app.use(
    session({
        cookie: { maxAge : 30000 },     //in milliseconds. 30 seconds for testing
        resave: false,                  //Save the session to store even if it hasn't changed
        rolling: true,                  //Reset the cookie Max-Age on every request
        saveUninitialized: false,       //Don't create a session for anonymous users
        secret: EXPRESS_SECRET,
        store: new MongoStore({ mongooseConnection: mongooseConnection })
    })
);

My expectation is that setting rolling to true should allow me to continually remain logged in as long as I click at least once in less than every MaxAge.

Is there something else I have to do to get this working?

  • This post suggested setting resave to true but it didn't change my results.
  • This post suggested setting httpOnly to false, but no change for me
  • I've tried with secure both set to true and not set, with the same results (My site is https)
  • I've tried setting saveUninitialized to both true and false, with the same results.
  • express: 4.12.1
  • express-session: 1.10.3
  • cookie-parser: 1.3.5

Update:

So strange, Ive been hitting the same page every 15 seconds and monitoring the connect.sid cookie in the Chrome browser tools, and it usually is reset by 30 seconds on every request but every now and then, it doesn't change when I make a request. Sure enough waiting another 15 seconds and the session expires and I'm logged out.

I've logged an issue with express-session: https://github.com/expressjs/session/issues/391

Community
  • 1
  • 1
Daniel Flippance
  • 6,673
  • 3
  • 39
  • 53

0 Answers0