Refreshing page bugs expire time.
I'm using the following:
```javascript
router.use(session({
  secret: 'SECRET',
  resave: false,
  saveUninitialized: true,
  cookie: {secure: false, expires: new Date(Date.now() + config.sessionTime)}
}));
```
Where config.sessionTime is 20000.
I then have two routes, which have the following code.
```javascript
router.route('/session')
  .get(function(req, res) {
    if(req.session.views == undefined) return res.send('Your session has expired. Visit <a href="/test/session-start">here</a> to start a new session.');
    req.session.views++;
    res.send('Your session will expire in: ' + req.session.cookie.maxAge + ' (MS). You have viewed this page: ' + req.session.views + ' times.');
  });
router.route('/session-start')
  .get(function(req, res) {
    req.session.views = 0;
    res.send('Your session has started, and will expire in: ' + req.session.cookie.maxAge + ' (MS).');
  });
```
Whenever I visit /session-start to start my session, then visit /session, the expire time acts up whenever I refresh the page. Here are some results:

```
Your session will expire in: 16829 (MS). You have viewed this page: 1 times.
Your session will expire in: 17771 (MS). You have viewed this page: 4 times.
Your session will expire in: 13660 (MS). You have viewed this page: 5 times.
Your session will expire in: 18035 (MS). You have viewed this page: 8 times.
```

The time seems to reset every time I refresh (so if I refresh quickly, the time left will be a greater number).
Well, for one thing, you should not use the expires for the cookie, because that is set in stone when the server starts; you probably want to use maxAge instead. Can you try with that to see if it results in the same behavior?
If so, would you mind noting the version of this module you are using, the version of Node.js, a complete server I can copy-and-paste into a file app.js, and the specific steps to reproduce the behavior?
The first time, I was using maxAge and it did the same thing. Node V4.2.4, "express-session": "^1.13.0". I used maxAge: config.sessionTime.
Thanks, @Stackoverload. Would you mind noting the version of this module you are using? You can get this using npm ls express-session; the information from your package.json only provides a possible range of versions you may be using. Can you also provide a complete server I can copy-and-paste into a file app.js, and the specific steps to reproduce the behavior?
If I can get it going to reproduce your issue, I'm sure we can get a fix out quickly :)
[email protected] is the version.
test.js
```javascript
var router = require('express').Router();

router.route('/session')
  .get(function(req, res) {
    if(req.session.views == undefined) return res.send('Your session has expired. Visit <a href="/test/session-start">here</a> to start a new session.');
    req.session.views++;
    res.send('Your session will expire in: ' + req.session.cookie.maxAge + ' (MS). You have viewed this page: ' + req.session.views + ' times.');
  });
router.route('/session-start')
  .get(function(req, res) {
    req.session.views = 0;
    res.send('Your session has started, and will expire in: ' + req.session.cookie.maxAge + ' (MS).');
  });

module.exports = router;
```
index.js
```javascript
var express = require('express');
var session = require('express-session');
var config = require('./lib/config');

var app = express();

app.use(session({
  secret: 'SomeSecret',
  resave: false,
  saveUninitialized: true,
  cookie: {secure: false, maxAge: config.sessionTime}
}));

app.use('/test', require('./test'));

app.listen(config.host.port, config.host.ip, function(err) {
  if(err) throw err;
  console.log('Server is running at: ' + config.host.ip + ':' + config.host.port);
});
```
Hi, I think this may just be the bug https://github.com/expressjs/session/issues/2. Does that bug sound like what you are experiencing?
Yeah, that's it exactly. Any fixes on that?
Hi @Stackoverload, if that is indeed the issue you are seeing, the fix is straight-forward, but not backwards-compatible easily. We are targeting to fix it with v2 of this module. There may or may not be a work-around you can do, but I'll have to take a look to see what I can provide.
Yeah, that's the exact problem I'm getting. And alright, hopefully there is :)
I think this is the cause of a performance problem I'm seeing on my own site. I have a single-page client, so to load one page can make up to 5 or 6 API requests, for some more complicated pages, and even though everything just 304s back, typically, I see that each request is resetting the session expiration time, and since my sessions are stored in a remote mongodb instance, I send 6 simultaneous updates for the same object to that db. If I could get it to stop updating the session expiry on every single request, it would greatly reduce my db transactions (and right now about 5% of page loads hit a snag, presumably due to all of the session update activity).
Subscribing to the thread, as I'm also interested in a workaround. I can live on a fork for a while. :)
Edit - Looks like my issue was actually not with the cookie expiration, but rather with the expiration added to the db object by connect-mongo. Sorry for the confusion!
Hi, if you're using something like nodemon and your Store is RAM, remember that every time you change a file the server restarts and Booommm! the memory address will be garbage collected and of course no session. Just saying :)
https://github.com/expressjs/session/issues/2#issuecomment-558049943
This is a stale issue. But since it's still open, I'll drop my findings.
If you alter data in your session every time you load it (alterations such as views in the index post above), the hash changes. See below. https://github.com/expressjs/session/blob/ac3f0a256ba376f3e760c83cfde87adf3706cd2e/index.js#L422
This causes the cookie to be saved again, thereby resetting the Expiry. As long as isRolling is false, resave is false, and session data is not being altered, the cookie will remain as is.
@gireeshpunathil I think this issue is solved.
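The behaviour described in the last comment, as an added example that is not part of the thread and not express-session's own code: a simplified model in which a changed session fingerprint (or a rolling option) re-sends the cookie with a fresh expiry, replayed with one request every 5 seconds. All function names are hypothetical, `JSON.stringify` stands in for the module's hash, and the absolute-cap helper is an assumed workaround rather than something proposed in the thread.

```javascript
// Added example: a simplified model of the behaviour described above.
// Not express-session's code; every name here is hypothetical.
const SESSION_TIME_MS = 20000; // config.sessionTime from the original post

// Stand-in for the module's hash of the session data (cookie excluded).
function fingerprint(data) {
  return JSON.stringify(data);
}

function startSession(now) {
  return { data: { views: 0, createdAt: now }, cookieExpires: now + SESSION_TIME_MS };
}

// Process one request at time `now`; `handler` may mutate the session data.
// Returns true when the cookie is re-sent with a fresh expiry.
function handleRequest(session, now, handler, rolling) {
  if (now >= session.cookieExpires) return false; // cookie already expired
  const before = fingerprint(session.data);
  handler(session.data);
  const modified = fingerprint(session.data) !== before;
  if (modified || rolling) {
    session.cookieExpires = now + SESSION_TIME_MS;
    return true;
  }
  return false;
}

// Replay one request every `stepMs` up to `untilMs`; return the final expiry.
function finalExpiry(handler, stepMs, untilMs, rolling) {
  const s = startSession(0);
  for (let t = stepMs; t <= untilMs; t += stepMs) handleRequest(s, t, handler, rolling);
  return s.cookieExpires;
}

const countViews = (data) => { data.views++; };  // like the /session route
const readOnly = (data) => data.views;           // reads, never writes

// Assumed workaround (not from the thread): an absolute cap on session age,
// checked against a creation time stored in the session itself.
function pastAbsoluteCap(session, now, capMs) {
  return now - session.data.createdAt >= capMs;
}

console.log('views++ on every request:', finalExpiry(countViews, 5000, 60000, false));
console.log('read-only requests:      ', finalExpiry(readOnly, 5000, 60000, false));
```

With a handler that writes on every request the expiry keeps sliding for as long as the client stays active, so a session that must end after a fixed period needs a server-side age check such as `pastAbsoluteCap`.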