Session stores expect maxAge to be in milliseconds not seconds

[mschaul]

Session stores that are made for express-session use milliseconds in maxAge, and because next-session uses seconds instead the session gets dropped from the session store well before it should and well before the cookie expires. For example, putting 86400 (1 day) into maxAge results in the session expiring in about a minute.

Using seconds in next-session should not be a problem, but passing this value to the session store might have this affect based on what the session store uses to calculate the expiration date. The ones that base their calculations on maxAge are affected, the ones that use the precalculated date provided in expires are not. So, for example connect-redis works fine. But so far, I tested connect-sqlite3 and better-sqlite3-session-store and both of them have this problem.

Here is the documentation for express-session covering the maxAge option: https://expressjs.com/en/resources/middleware/session.html#cookiemaxage

[hoangvvo]

Thanks for bringing this to my attention. It is worth fixing, perhaps what I can do is add an option maxAgeInMs to transform that maxAge before calling session store methods.

[aboveyunhai]

If possible, can you also indicate the unit somewhere in the docs. Not sure how it can be hinted via comment doc in typescript.
It seems like millisecond is more popular in other libs, so people wouldn't get confused and use second elsewhere.

[MaxMEllon]

I have same issue on connect-dynamidb.
Do you plan to implement maxAgeInMs?
Currently, there is no workaround and we are trying to fix it with the patch command at hand.

refs: ca98am79/connect-dynamodb#87 (comment)