Closed fr3fou closed 3 years ago
Sorry for the slow reply.
To make this easy, I think I would need to add a Deadline()
method which exposes the expiry time for the current session.
If that was added to SCS, then I think you could do something like this:
Deadline()
method and checks if the expiry time is less than N days away.RenewToken()
method (this creates a new session token while retaining the current session data, and the session lifetime is also reset back to 30 days).I think this should work so long as you are not using an idle timeout on the session and are using the standard LoadAndSave()
middleware.
Do you think this would work? Is it worthwhile exposing the session deadline via a Deadline()
method?
I've added a new Deadline()
method in commit https://github.com/alexedwards/scs/commit/33a92ced6c040d4221fadfd9661011459176f842 which exposes the 'absolute' expiry time associated with a session. I think it's a useful information to expose generally, and I think it should help solve this issue too.
I'm going to close this issue, but if the addition of the Deadline()
method doesn't solve the problem please feel free to re-open.
Hi! Great library!
I'm developing a mobile app with JavaScript and have been wondering how can I use
scs
for long-lasting sessions in a mobile app. I've researched a bunch of articles and they all mention that having long sessions (6 months to a year or so) can be dangerous. I want to know how to implement longer sessions without having the user to login every 30 days or so. My plan was to have my server automatically refresh the session (or generate a new one) on the server if a user has made a request recently and the token is approaching its expiration date. How can I achieve that easily withscs
?