tvallotton / rocket_auth

An implementation for an authentication API for Rocket applications.
https://docs.rs/rocket_auth/
Apache License 2.0

Session is not invalidated after time expires using login_for #61

Open robertsarkozi opened 1 year ago

robertsarkozi commented 1 year ago

login_for method takes a Duration parameter, for how long the user should be logged in, after whose expiration I'm expecting the user to not be authorized anymore. I'm trying this with one minute.

    auth.login_for(&form, std::time::Duration::from_secs(60))
        .await?;

In session/default/mod.rs this sets the auth key for that amount of time, but it seems it doesn't have an effect...

    #[throws(Error)]
    fn insert_for(&self, id: i32, key: String, time: Duration) {
        let key = AuthKey {
            expires: time.as_secs() as i64,
            secret: key,
        };
        self.insert(id, key);
    }

User session keeps letting me make requests even after 1 minute has passed.

Shouldn't rocket_auth automatically invalidate the session after expiration?

robertsarkozi commented 1 year ago

A possible solution could be the changes I made in a fork: https://github.com/robertsarkozi/rocket_auth/commit/94bb98cf19749aa71b29bfab5e93f13f9e300137
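
The expiry problem reported above, as an added example that is not code from the issue, the linked fork, or rocket_auth: a minimal in-memory session store contrasting a stored duration with a stored deadline, and a lookup that ignores `expires` with one that enforces it. The type and method names are hypothetical, and the lookup that never reads `expires` is an assumption made for illustration.

```rust
use std::collections::HashMap;
use std::time::Duration;

// Hypothetical stand-ins for the session store in the issue (not rocket_auth's own types).
struct AuthKey {
    expires: i64, // intended meaning here: absolute Unix time (seconds) of expiry
    secret: String,
}

#[derive(Default)]
struct Sessions {
    keys: HashMap<i32, AuthKey>,
}

impl Sessions {
    // Mirrors the snippet in the issue: the duration itself (60) lands in `expires`.
    fn insert_for_relative(&mut self, id: i32, secret: &str, time: Duration) {
        let key = AuthKey { expires: time.as_secs() as i64, secret: secret.to_string() };
        self.keys.insert(id, key);
    }

    // Stores a deadline instead: the time of login plus the requested lifetime.
    fn insert_for_deadline(&mut self, id: i32, secret: &str, time: Duration, now: i64) {
        let expires = now.saturating_add(time.as_secs() as i64);
        self.keys.insert(id, AuthKey { expires, secret: secret.to_string() });
    }

    // Assumed lookup that never reads `expires`: a stored key is accepted forever.
    fn valid_ignoring_expiry(&self, id: i32, secret: &str) -> bool {
        self.keys.get(&id).map_or(false, |k| k.secret == secret)
    }

    // Lookup that enforces the deadline and evicts the key once it has passed.
    fn valid_at(&mut self, id: i32, secret: &str, now: i64) -> bool {
        let live = self.keys.get(&id).map_or(false, |k| now < k.expires);
        if !live {
            self.keys.remove(&id);
            return false;
        }
        self.keys[&id].secret == secret // production code: constant-time compare
    }
}

fn main() {
    let login = 1_700_000_000; // constructed login time, Unix seconds
    let mut s = Sessions::default();
    s.insert_for_deadline(1, "k", Duration::from_secs(60), login);
    println!("t+59s: {}", s.valid_at(1, "k", login + 59));
    println!("t+61s: {}", s.valid_at(1, "k", login + 61));
}
```

A key stored with the raw duration is accepted indefinitely by the lookup that ignores `expires` and rejected immediately by the one that enforces it, so both the stored value and the check have to agree on what `expires` means.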