search

chill117 / express-mysql-session

A MySQL session store for the express framework in node
MIT License
313 stars 106 forks source link

Clarity on "Expires" column in the MySql database #150

Open Tim-Parks-Lynch opened 4 months ago

Tim-Parks-Lynch commented 4 months ago

Hi Chill117,

First of all, thank you for creating this package. MySql was my first dive into programming, so it has always remained popular to me when I use DB's for coding. Hopefully this will be a quick question, and if it turns out it is something I need to ask express-sessions please let me know.

My question being: "How is the value for the 'expires' column inside of the sessions table generated?". Pic below

expires example

Everything is working as I thought it would as far as setting the session to expire and having the session removed. So no errors or issues there, but the 'expires' column seems to just be set to around 1708116620ms or something similar to 1708XXXXXXms. This isn't impacting my application as the cookie and session are still being deleted, but I'm just trying to understand where that value is coming from.

Below is my code, unrelated code was truncated for brevity.

session.js file

require("dotenv").config();
const mysql = require("mysql2/promise");
const { pool } = require("./db_connnection.js");
const session = require("express-session");
const MySQLStore = require("express-mysql-session")(session);

const sessionStore = new MySQLStore(
  {
    clearExpired: true,
    checkExpirationInterval: 60000, //900000, //every 15 mins
    expiration: 43200000, //86400000, // 1 day
  },
  pool
);

module.exports = sessionStore;

server.js file 

const session = require("express-session");
const sessionStore = require("./session.js");

const MAXAGE = 1000 * 60 * 60 * 1;
// 60
// * 1; //1 hr

app.use(
  session({
    key: "session_cookie_name",
    secret: "session_cookie_secret",
    store: sessionStore,
    resave: false,
    saveUninitialized: false, // turn false for cookie consent
    rolling: true,
    cookie: {
      maxAge: MAXAGE,
      secure: true,
      sameSite: true,
    },
  })
);

db_connection.js for pool

require("dotenv").config();
const mysql = require("mysql2/promise");

const pool = mysql.createPool({
  host: process.env.HOST,
  user: process.env.USER,
  password: process.env.PASSWORD,
  database: process.env.DATABASE,
  waitForConnections: true,
  connectionLimit: 10,
  queueLimit: 0,
});

module.exports = {pool,}

Once again, thank you very much and appreciate the work that went into this!

-Tim

chill117 commented 2 months ago

Hi Tim,

The expires value in the sessions table comes from the cookie.expires value (if it is used) or the current timestamp plus the expiration option time. See the following code as a reference:

                        let expires;
                        if (data.cookie) {
                                if (data.cookie.expires) {
                                        expires = data.cookie.expires;
                                } else if (data.cookie._expires) {
                                        expires = data.cookie._expires;
                                }
                        }
                        if (!expires) {
                                expires = Date.now() + this.options.expiration;
                        }
                        if (!(expires instanceof Date)) {
                                expires = new Date(expires);
                        }
                        // Use whole seconds here; not milliseconds.
                        expires = Math.round(expires.getTime() / 1000);

index.js#L201-L216 index.js#L244-L259