better-sqlite3-session-store icon indicating copy to clipboard operation
better-sqlite3-session-store copied to clipboard
verified publisher icon attestate

Allow setting a session with the expires prop set

Open bttger opened this issue 3 years ago • 5 comments

The current code was setting the expire value always one day into the future even if the cookie.expires prop was set.

No worries, tests will follow 😅

bttger avatar Oct 11 '22 11:10 bttger

from: https://github.com/expressjs/session

Note The expires option should not be set directly; instead only use the maxAge option.

Can you address your use case by using maxAge instead of expires? From what I know using expires has become an anti-pattern as everyone that's running a global internet service can't really be dealing with time zones and so defining a relative maxAge in e.g. seconds is much better.

If you're ok with using maxAge then I'd like to close this PR, thanks.

TimDaub avatar Oct 13 '22 17:10 TimDaub

I am not using express but fastify and fastify-session. Internally it is setting the expires prop even when I am setting the maxAge prop. I don't like this behavior and don't understand why they decided to always convert both the expires and maxAge prop to cookie.expires.

Here in the test you can see what I mean.

bttger avatar Oct 13 '22 20:10 bttger

I've just seen that it is not fastify who came up with this design choice but express 😅

cookie.maxAge

Specifies the number (in milliseconds) to use when calculating the Expires Set-Cookie attribute. This is done by taking the current server time and adding maxAge milliseconds to the value to calculate an Expires datetime.

I think the issue here is not dealing with many time zones (because the Expires value must always be in GMT and it gets "calculated") but because clients can be out of sync with the actual time.

Sorry for bothering you with this. I don't really like this design but I think your library would be the easiest place to "fix" the issue I have. Not sure if it's clever to ask the fastify maintainers to change the behavior of the maxAge prop who, I believe, would like to have a close API/behavior to express.

bttger avatar Oct 13 '22 21:10 bttger

because the Expires value must always be in GMT and it gets "calculated"

I wasn't able to confirm this:

  • https://www.rfc-editor.org/rfc/rfc2616#section-3.3.1
  • https://www.rfc-editor.org/rfc/rfc6265#section-4.1.1

TimDaub avatar Oct 19 '22 09:10 TimDaub

I don't understand your problem. From my understanding, both express/session and fastify/session set both expires and maxAge in a similar way.

TimDaub avatar Oct 19 '22 09:10 TimDaub