Reputation: 20526
Express Session Different Expiration
I have the following code to create sessions in Express.
app.use(session({
secret: 'randomstring',
saveUninitialized: false,
resave: false,
cookie: {
secure: true,
maxAge: 60000 * 60 /* 1 hour */
}
}));
I mainly use this to store session data in Passport.js. Currently after 1 hour users get automatically logged out. Or the session ends and users get logged out.
Is there an easy way to store more data in the session and have different expiration dates for different information? So say I want the Passport.js (req.session.passport.user) session data to have an expiration of 1 hour. And I want another piece of data say for example (req.session.myDataA) to have an expiration of 30 days. And I want another piece of data (req.session.myDataB) to have no expiration and stay active forever.
Is there an easy way to achieve this behavior in Express Sessions?
Upvotes: 4
Views: 2599
Answers (2)
Reputation: 810
You could set the maxAge of session in another middleware
code:
// after session and passport middleware
app.use(function(req, res, next) {
if (req.session.user) { // some condition
req.session.cookie.maxAge = 1000 * 60 * 60 * 24 // 24 hours
} else if (req.session.myData) {
req.session.cookie.maxAge = 1000 * 60 * 60
}
// another condition
// save the session
req.session.save()
// add next at the end of middleware
// so it can pas data edited to another middleware
next()
})
Upvotes: 2
Reputation: 23534
You can use cookies and set different expirations on different cookie names. So you can have multiple cookies that would hold data and each one would have a specific expiration.
That being said, I would say that both sessions and cookies wouldn't be the correct solution to your problem. I would keep your sessions lean and store the data in a database. Considering you're using sessions, you could use Redis and store data with expirations. You could assign the key in Redis to your session. For example:
req.session.myDataA = 'user_id:myDataA'
req.session.myDataB = 'user_id:myDataB'
When you set your data in Redis, you can use the key user_id:myDataA and set it to expire.
// Will expire in 1 hour
SET user_id:myDataA "your data"
EXPIRE user_id:myDataA 3600
While the key will still be in session, you can check if the value is null or has the data you're expecting.
I know this perhaps sounds a little more complicated, but even as a good practice with sessions, you really don't want to be storing a lot of data, beyond keys of reference as it becomes very difficult to manage.
If you're using MongoDB, you could also set documents to expire. However, if you're not using either, Redis would generally be the easiest to setup and acts a good session store.
Edit:
As commented below, instead of expiring the sessions which you can't at different time frames, is to just set a field in your data with expiration time. Then when you get that data, check if it's passed expiration (i.e., 1hr, 30days, etc.).
Upvotes: 3
Related Questions
- Node + Express Session Expiration?
- Change cookie expiration in Express
- session expires not in the expected time in node.js
- nodejs, how to set express session cookie not to expire anytime
- ExpressJS session expiring despite activity
- expire in express-session doesn't work
- How to keep session in expressjs to not expire
- Setting Node.js Express session expiration time in SessionStore in stead of in cookie
- Node session cookie that expires
- In Express the Session Cookie Expires Too Early