jaredhanson / passport

Simple, unobtrusive authentication for Node.js.
https://www.passportjs.org?utm_source=github&utm_medium=referral&utm_campaign=passport&utm_content=about
MIT License

Session is not expiring with cookie-session #722

Closed Jakobud closed 5 years ago

Jakobud commented 5 years ago

I am using cookie-session in Express with PassportJS. I am using just a LocalStrategy. When I log into my application, the browser shows the cookie's Expires / Max-Age as 1969-12-31T23:59:59.000Z which essentially means that it isn't going to expire. Here is my setup:

```js
app.use(session({
  name: 'session',
  keys: ['key1', 'key2'],
  secret: 'cookieSessionSecret',
  cookie: {
    secure: true,
    maxAge: 10000
  }
}))

app.use(passport.initialize());
app.use(passport.session());
```

The cookie session should be expiring after 10 seconds according to this. Is this something wrong with cookie-session not doing its job or is this a PassportJS issue? I'm confused by the documentation because Passport seems to imply that it creates persistent sessions (which would mean it does not expire), but if you are using something like cookie-session, then it seems like it should obey the expires or maxAge options.

Environment

Jakobud commented 5 years ago

I just realized I'm using cookie session syntax from Express 3.x instead of 4.x. Works now like this:

```js
app.use(session({
  name: 'session',
  keys: ['key1', 'key2'],
  secret: 'cookieSessionSecret',
  secure: true,
  maxAge: 10000
}))

app.use(passport.initialize());
app.use(passport.session());
```

bmitchinson commented 4 years ago

Thanks for following up with yourself, hit this same issue.
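
Added example (not part of the original thread, and not code from Passport or cookie-session): a check that a test suite can run against the `Set-Cookie` header to catch the failure mode in this thread, where the lifetime and `secure` settings had no effect on the cookie that was sent. The function names and the two header strings are constructed for illustration; the headers are assumed shapes for the nested and flat configurations above.

```javascript
// Parse one Set-Cookie header value; attribute names are lowercased.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1); // flag attributes become true
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Lifetime in seconds, or null for a browser-session cookie (no Expires / Max-Age).
// Max-Age takes precedence over Expires, as in RFC 6265.
function lifetimeSeconds(attrs, now) {
  if (typeof attrs['max-age'] === 'string' && /^-?\d+$/.test(attrs['max-age'])) {
    return Number(attrs['max-age']);
  }
  if (typeof attrs.expires === 'string') {
    const t = Date.parse(attrs.expires);
    if (!Number.isNaN(t)) return Math.round((t - now) / 1000);
  }
  return null;
}

// Report what is missing from a session cookie; maxSeconds is the longest allowed lifetime.
function auditSessionCookie(header, maxSeconds, now = Date.now()) {
  const { name, attrs } = parseSetCookie(header);
  const lifetime = lifetimeSeconds(attrs, now);
  const findings = [];
  if (lifetime === null) findings.push('no-expiry');
  else if (lifetime > maxSeconds) findings.push('lifetime-too-long');
  if (attrs.secure !== true) findings.push('missing-secure');
  if (attrs.httponly !== true) findings.push('missing-httponly');
  return { name, lifetime, findings };
}

// Constructed sample headers (assumed shapes, not captured traffic).
const NOW = Date.parse('Thu, 01 Jan 2026 00:00:00 GMT');
const nestedConfigHeader = 'session=eyJwYXNzcG9ydCI6e319; path=/; httponly';
const flatConfigHeader =
  'session=eyJwYXNzcG9ydCI6e319; path=/; expires=Thu, 01 Jan 2026 00:00:10 GMT; secure; httponly';

console.log(auditSessionCookie(nestedConfigHeader, 10, NOW));
console.log(auditSessionCookie(flatConfigHeader, 10, NOW));
```

In an integration test, feed it the `Set-Cookie` value returned by the login route and fail the test when `findings` is not empty.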