the exipration property seems doesn't work

Question

the exipration property seems doesn't work

Roen-Ro opened this issue 6 years ago · comments

in my code, i set the expiration property to 5000 milliseconds, expect the session to be expired after 5 seconds.

        //session 
        var sessionOption = {
            // Whether or not to automatically check for and clear expired sessions:
            clearExpired: true,
            // How frequently expired sessions will be cleared; milliseconds: 2个小时 
            checkExpirationInterval: 7200000,
            // The maximum age of a valid session; milliseconds
            expiration: 5000,//5 seconds
            // Whether or not to create the sessions database table, if one does not already exist:
            createDatabaseTable: true,
        }

        sessionStore = new mySQLSessionStore(sessionOption,pool);

in my request handle file, beside for the 1st time, i found the session never expires.

router.all('/log', (req, res, next) => {
// do verifying here...
  var para = req.query;
  if(req.session.userName){
       res.send( 'session is valid  ');
  }
 else {
     req.session.userName = para.userName;
     res.send( 'session expired  ' );
 }
});

Charles Hill · Answer 1 · Fri Nov 09 2018 06:33:29 GMT+0800 (China Standard Time)

I think the reason you aren't seeing any sessions deleted is that you didn't change the checkExpirationInterval option. Try setting it to 5 seconds as well. I think that should clear things up for you.

Roen · Answer 2 · Fri Nov 09 2018 10:17:11 GMT+0800 (China Standard Time)

thanks chill, for the great work.
yes, i ever set both checkExpirationInterval and expiration values to 5000, but the session never expires, except that the cookie expiration reached.
if it is better to automatically check the session expiration(not the cookie) whenever it assigned to a request, even it still in the store?

Martin · Answer 3 · Wed Dec 19 2018 01:28:43 GMT+0800 (China Standard Time)

Not working even for me.

Charles Hill · Answer 4 · Thu Dec 20 2018 18:52:14 GMT+0800 (China Standard Time)

Can you provide some simplified working example that shows the unexpected behavior and then explain what you expect to happen?

Whenever a request is made to the server, by a client with a session, their session is "touched" by the session middleware. This updates its expire time. The result is that if the client makes a request before their session has expired, it will continue to remain active beyond its original expire time.

Roen · Answer 5 · Fri Dec 21 2018 09:09:34 GMT+0800 (China Standard Time)

Assume that we set both checkExpirationInterval and expiration values to 5000(millisecond). Then a session is created(or touched) and is assigned with a username at time t1 from a request

req.session.username = 'somebody';

then another request is received from the same client at time t2 which is beyond the expiration, that is to say t2 - t1 > 5000 millisecond, at this moment i expect the username value to have been cleared from the session

  if(req.session.username) { //unexpected
       res.send( 'session is valid  ');
  }
 else { //expected
     res.send( 'session expired  ' );
 }

Charles Hill · Answer 6 · Sun Dec 23 2018 00:09:32 GMT+0800 (China Standard Time)

Thank you for the clarification, @Roen-Ro

The issue has been fixed and included in the latest release (v2.1.0).

Roen · Answer 7 · Mon Dec 24 2018 22:36:43 GMT+0800 (China Standard Time)

Great! thanks @chill117