How to extend express session timeout

B

3

13

I'm using express js 4 together with express-session and set maxAge to one hour. However if user continues accessing the website, the timeout should be extended otherwise the user will be logged out even he/she is still using it.

app.use(session({
  secret: 'xxx',
  name: 'sessionId',
  resave: true,
  saveUninitialized: true,
  cookie: {
    httpOnly: true,
    maxAge: 1*60*60*1000
  })
}))

It seems to be a common task but I can't find it anywhere. Thanks in advance.

Brinton answered 8/10, 2017 at 11:4 Comment(0)

I

6

I think you could solve your problem by increasing maxAge each time the user sends a request. When the user sends a request, calculate the time remaining before the session times out, subtract this amount of time from one hour and add the result to maxAge. Alternatively you can use the expires property along with a very large maxAge:

var hour = 3600000
req.session.cookie.expires = new Date(Date.now() + hour)
req.session.cookie.maxAge = 100 * hour

and whenever a request is sent, calculate expires again:

var hour = 3600000
req.session.cookie.expires = new Date(Date.now() + hour)

Ingratiating answered 8/10, 2017 at 12:37 Comment(2)

Thanks. And should I make this into a middleware and call it within all the routers? – Brinton 9/10, 2017 at 3:48

You are welcome. It makes sense to make sure this is done at a central place, to ease the working process. – Ingratiating 9/10, 2017 at 7:39

I

28

express-session has a rolling property that you can set. By default it's set to false. If you set the rolling property to true, it will reset expiration to maxAge.

I got the information from the documentation here

app.use(session({
  secret: 'xxx',
  name: 'sessionId',
  resave: true,
  saveUninitialized: true,
  rolling: true, // <-- Set `rolling` to `true`
  cookie: {
    httpOnly: true,
    maxAge: 1*60*60*1000
  })
}))

Ickes answered 27/7, 2019 at 17:21 Comment(0)

I

6

I think you could solve your problem by increasing maxAge each time the user sends a request. When the user sends a request, calculate the time remaining before the session times out, subtract this amount of time from one hour and add the result to maxAge. Alternatively you can use the expires property along with a very large maxAge:

var hour = 3600000
req.session.cookie.expires = new Date(Date.now() + hour)
req.session.cookie.maxAge = 100 * hour

and whenever a request is sent, calculate expires again:

var hour = 3600000
req.session.cookie.expires = new Date(Date.now() + hour)

Ingratiating answered 8/10, 2017 at 12:37 Comment(2)

Thanks. And should I make this into a middleware and call it within all the routers? – Brinton 9/10, 2017 at 3:48

You are welcome. It makes sense to make sure this is done at a central place, to ease the working process. – Ingratiating 9/10, 2017 at 7:39

S

0

in my case only updating the following property worked! req.session._expires

I'm still not entirely sure why ...

I'm using "express-session": "^1.17.3",

My code use:

req.session._expires = new Date(Date.now() + (process.env.MAX_SESSION_TIME >> 0))

Snyder answered 19/12, 2023 at 22:6 Comment(0)

Recommended topics

Hot tags