expressjs
Give error for incorrect maxAge and expires Type
Out of mere developer error, I inserted into the maxAge field what should have been entered in expires:
maxAge : new Date(Date.now() + 3600000)
Instead of
expires : new Date(Date.now() + 3600000)
However this causes a weird quirk in creating a session, for example, setting username and password within seconds of eachother will create two sessions, each with a negative maxAge
{
"_id" : "zY02IMuLO720J-SLFKVj"
"session" : {
"cookie" : {
"originalMaxAge" : -104023,
"expires" : ISODate("..."),
"secure" : null,
"httpOnly" : true,
"domain" : null,
"path" : "/"
},
"username" : "username"
},
}
"_id" : "fJ92IErLO730J-sLPMvQ"
"session" : {
"cookie" : {
"originalMaxAge" : -104035,
"expires" : ISODate("..."),
"secure" : null,
"httpOnly" : true,
"domain" : null,
"path" : "/"
},
"password" : "hashed_password"
},
}
So they are set as separate sessions, and this causes a session to expire, and new session to be created immediately, having some functionality to have express-session throw an error if the wrong type is entered would be beneficial.
Hi @jackycute, this issue is about when you give a Date object to the maxAge option, it behaves erratically and instead it should just throw. Is that what your issue is? If not, you may want to open a new issue describing the issue you are having so we can help :) This is basically a feature request issue.
This is the same issue @jackycute and I are running into, yep — I think more of a "weird behavior" report than a feature request, but agreed
oh ok, maybe my bad.
our issue is the session originalMaxAge is set to be a negative number.
and I did pass a Date object to expries, I don't know if that is appropriate.
https://github.com/hackmdio/hackmd/blob/master/app.js#L120
This is the same issue @jackycute and I are running into, yep — I think more of a "weird behavior" report than a feature request, but agreed
Well, the thing is, JavaScript can change a Date object into a number without issue. Really, the weird behavior is JavaScript itself that you are describing :) You're welcome to create a PR to increase the strictness of validating the input values, though!
our issue is the session originalMaxAge is set to be a negative number. and I did pass a Date object to expries, I don't know if that is not appropriate.
I'm not certain what happens if you are setting both maxAge and expires. I think they are supposed to be mutually exclusive. Does removing expires fix the issue? Perhaps we can open a new issue regarding that behavior as well.
I'm sorry @dougwilson, I don't know I only need to set one of maxAge or expires.
But the section in README.md did say:
Note If both expires and maxAge are set in the options, then the last one defined in the object is what is used.
OK we will try to remove expires and see.
Ah @jackycute, good catch on the readme. That came from the cookie module and doesn't fit well here. Let's move the rest of this conversation to a new issue, please, so we don't loose what the original issue was about.
Never caught wind of the comments closing this out, so I'll go ahead and close :)