Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Different max age for different users. #151

Open
wmichaelshirk opened this issue Apr 21, 2021 · 3 comments
Open

Different max age for different users. #151

wmichaelshirk opened this issue Apr 21, 2021 · 3 comments

Comments

@wmichaelshirk
Copy link

Is there a way to alter the session length for specific "sessions"?
Say, under certain conditions, I'd like a given request to get a session of 1 week rather than one hour.

The maxAge of an existing session isn't modifiable (since the key is a symbol), and I'm not exactly sure how to create a new session that's otherwise identical and swap them out.

@Gameghostify
Copy link

You should be able to use Symbol.for to access the maxAge symbol. Can you swap it out that way?

@lprescott
Copy link

No luck implementing your idea @Gameghostify in a similar situation.

That leads me with the following when I try to override the maxAge and print it out to the console:

api_1              |   [Symbol(maxAge)]: 7200000,
api_1              |   [Symbol(maxAge)]: 2678400000

Any other ideas?

@mfpopa
Copy link

mfpopa commented Aug 3, 2021

You can, but I don't think you can do it if you set a maxAge because when a session is pulled from the session store (e.g. Redis, MongoDB), the session.expires and session.cookie.expires are ignored and instead set fresh based on the maxAge value, which means the expiration is always the same for all users. You can see here how a new session is created from a previous session by omitting the expires and cookie properties.

In my case I did not set the maxAge and I implemented a custom session store that persists sessions to a MongoDB. In the set(sessionId, session, callback) method of the store I update the session.expires and session.cookie.expires based on the session.user.expires. session.user is the object that contains the user properties (e.g. user id) that are set during authentication/login. So on that same object is specify a custom expiry date in the session.user.expires property based on the type of user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants