Sessions not actually expiring?

[Nedlinin]

I've got my session storage setup as follows:

app.use(session({
store: new mssqlStore(
    {
        user: sqlConfig.accessParameters.userName,
        password: sqlConfig.accessParameters.password,
        server: sqlConfig.accessParameters.server,
        database: sqlConfig.accessParameters.options.database
    },
    {
        ttl: 60 * 1000,
        autoRemove: "interval",
        autoRemoveInterval: 70 * 1000
    }
),
secret: "MySecret",
resave: false,
saveUninitialized: false
}));

My time to live on a session is 60 seconds and my auto remove is 70 seconds.

Problem: With this config, if a clients session gets created at second 0 and never again touched/updated it should expire at second 60. However, because the autoremove function has not yet run if the client makes another request anytime between second 60 and 70 the session ID is returned and the clients session is supposedly valid.

Expected: The session has timed out and the session should be forced to be recreated.

Possible solution: The get functions query should contain a where clause dictating that the expired time has not already passed.

[tony-gutierrez]

Is this going to be merged?

[Nedlinin]

@tony-gutierrez : Have seen no action whatsoever and I'm sort of assuming this project has been abandoned by @patriksimek .

I've been pulling the source repo for this PR into my projects in order to have this fix though I do not intend to maintain the repo any further than this one fix.

[tony-gutierrez]

Word. I might be about to use this so ill grab yours.