becem-gharbi / nuxt-auth

Auth module for Nuxt
https://nuxt-auth.bg.tn
MIT License

How to configure session expiration time. I get logged out constantly. #23

Closed hoanghiep1x0 closed 5 months ago

hoanghiep1x0 commented 5 months ago

I have a problem that every now and then I have to log in again. How to fix it or maybe set the token's expiration time instead of logging in again and again?

becem-gharbi commented 5 months ago

The user is logged out automatically in three cases:

  1. When the refresh token cookie is not found. Two reasons behind this.
    • One, the cookie is not set on login because of security restrictions, check impl.
    • Two, if the user does not log in within the refresh token expiration time (default 7 days), the session is no longer valid. You can check docs.
  2. When some uncaught error is thrown on SSR.
  3. When the User Agent changes. This may be encountered on dev or test where the user-agent header is changed, for example from desktop to mobile.

hoanghiep1x0 commented 5 months ago

ok thanks. let me review the problem

hoanghiep1x0 commented 5 months ago

I see it still installs cookies. It works very normally in functions that require authentication; up to the code `const userId = event.context.auth?.userId` it still works. But there is an error during the run that may be due to an uncaught error thrown on SSR. The following is the message, after which it redirects and forces you to log in again:


```
[unhandledRejection] read ECONNRESET 6:14:32 PM

 at TCP.onStreamRead (node:internal/stream_base_commons:217:20)

 ERROR
Invalid prisma.refreshToken.delete() invocation in
/Users/admin/Desktop/admin-site-truyen/node_modules/@bg-dev/nuxt-auth/dist/runtime/server/utils/token/refreshToken.mjs:112:35

 109 }
 110 export async function deleteRefreshToken(event, refreshTokenId) {
 111 const prisma = event.context.prisma;
→ 112 await prisma.refreshToken.delete(
An operation failed because it depends on one or more records that were required but not found. Record to delete does not exist.
```

hoanghiep1x0 commented 5 months ago

Can you tell me if this announcement has any impact? I see it appear many times when I dev.

```
export async function deleteRefreshToken(event, refreshTokenId) {
 111 const prisma = event.context.prisma;
→ 112 await prisma.refreshToken.delete(
An operation failed because it depends on one or more records that were required but not found. Record to delete does not exist.
```

becem-gharbi commented 5 months ago

> An operation failed because it depends on one or more records that were required but not found. Record to delete does not exist.

The refresh token does not exist. This means that you have another application with a different database that has set a refresh token cookie and the current application does not recognize it. Can you confirm that? In this case please make sure to manually clear cookies.

Edit: in this case assigning a different refresh token cookie name per application would solve the issue.

hoanghiep1x0 commented 5 months ago

yes let me examine this issue more closely.

becem-gharbi commented 5 months ago

In the context of the potential case behind this issue, the module should avoid deleting a non-existent refresh token. The bug is here: https://github.com/becem-gharbi/nuxt-auth/blob/3c7d27a661d144c9eaa9eaf2d2033ebfdcab6075/src/runtime/server/utils/token/refreshToken.ts#L137

Thanks for pointing out this issue.
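
An added example, not part of the thread and not the module's own code: it contrasts a delete that rejects on a missing refresh token row with a tolerant one that treats Prisma's P2025 ("record not found") as already revoked while letting every other error propagate. The in-memory `makeFakePrisma` stand-in, the `where: { id }` shape and the name `deleteRefreshTokenIfExists` are assumptions made for illustration.

```javascript
// Constructed in-memory stand-in for the Prisma `refreshToken` delegate so the
// example runs without a database. Like Prisma, delete() rejects with error
// code P2025 when the row is missing.
function makeFakePrisma(rows) {
  const table = new Map(rows.map((r) => [r.id, r]));
  return {
    refreshToken: {
      async delete({ where }) {
        const row = table.get(where.id);
        if (!row) {
          const err = new Error("Record to delete does not exist.");
          err.code = "P2025";
          throw err;
        }
        table.delete(where.id);
        return row;
      },
    },
  };
}

// Behaviour from the issue: an id unknown to this database makes delete() reject.
// The `where: { id }` shape is an assumption; the page cuts the call off.
async function deleteRefreshTokenStrict(event, refreshTokenId) {
  await event.context.prisma.refreshToken.delete({ where: { id: refreshTokenId } });
}

// Tolerant variant (hypothetical name): revocation is idempotent, so a missing
// row means "already revoked". Any other failure (for example a dropped
// connection) is rethrown so a token that is still valid is never reported as deleted.
async function deleteRefreshTokenIfExists(event, refreshTokenId) {
  try {
    await event.context.prisma.refreshToken.delete({ where: { id: refreshTokenId } });
    return true;
  } catch (err) {
    if (err && err.code === "P2025") return false;
    throw err;
  }
}

// Constructed scenario: id 1 exists, id 999 comes from another app's cookie.
async function demo() {
  const event = { context: { prisma: makeFakePrisma([{ id: 1 }]) } };
  const strict = await deleteRefreshTokenStrict(event, 999).then(() => "ok", (e) => e.code);
  const foreign = await deleteRefreshTokenIfExists(event, 999);
  const first = await deleteRefreshTokenIfExists(event, 1);
  const second = await deleteRefreshTokenIfExists(event, 1);
  return { strict, foreign, first, second };
}
```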