You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Session stores that are made for express-session use milliseconds in maxAge, and because next-session uses seconds instead the session gets dropped from the session store well before it should and well before the cookie expires. For example, putting 86400 (1 day) into maxAge results in the session expiring in about a minute.
Using seconds in next-session should not be a problem, but passing this value to the session store might have this affect based on what the session store uses to calculate the expiration date. The ones that base their calculations on maxAge are affected, the ones that use the precalculated date provided in expires are not. So, for example connect-redis works fine. But so far, I tested connect-sqlite3 and better-sqlite3-session-store and both of them have this problem.
Thanks for bringing this to my attention. It is worth fixing, perhaps what I can do is add an option maxAgeInMs to transform that maxAge before calling session store methods.
If possible, can you also indicate the unit somewhere in the docs. Not sure how it can be hinted via comment doc in typescript.
It seems like millisecond is more popular in other libs, so people wouldn't get confused and use second elsewhere.
I have same issue on connect-dynamidb.
Do you plan to implement maxAgeInMs?
Currently, there is no workaround and we are trying to fix it with the patch command at hand.
Session stores that are made for
express-session
use milliseconds inmaxAge
, and becausenext-session
uses seconds instead the session gets dropped from the session store well before it should and well before the cookie expires. For example, putting 86400 (1 day) intomaxAge
results in the session expiring in about a minute.Using seconds in
next-session
should not be a problem, but passing this value to the session store might have this affect based on what the session store uses to calculate the expiration date. The ones that base their calculations onmaxAge
are affected, the ones that use the precalculated date provided inexpires
are not. So, for example connect-redis works fine. But so far, I tested connect-sqlite3 and better-sqlite3-session-store and both of them have this problem.Here is the documentation for
express-session
covering themaxAge
option: https://expressjs.com/en/resources/middleware/session.html#cookiemaxageThe text was updated successfully, but these errors were encountered: