TTL not set on session keys

[mfinelli]

Hi, I'm not sure that I'm testing the right thing, and perhaps I'm not understanding the correct behavior, but I don't think that this gem is setting an expiration on the keys that it stores in redis.

If I setup a simple app with the following settings:

$redis = ConnectionPool.new(size: 25, timeout: 3) do
    Redis.new(url: 'redis://localhost)
end

use Rack::Session::Redis, pool: $redis, key: 'session',
      expires_in: 3600 # 1 hour

And then issue a request:

curl -sI http://localhost:9292 | grep Set-Cookie
Set-Cookie: session=d80dcc50e63c454dc467d3cc703e84f514b790f5ef6c20bbbb7f18be2c22cce5; path=/; HttpOnly

And then ask redis what the ttl is for the associated key:

127.0.0.1:6379> ttl d80dcc50e63c454dc467d3cc703e84f514b790f5ef6c20bbbb7f18be2c22cce5
(integer) -1

There is no TTL set on the key, but I think that there should be, no? Or am I misunderstanding how the expires_in option works?

Cheers

[tubbo]

You have to use expire_after here I think. Check out the example in https://github.com/redis-store/redis-rails/blob/master/README.md#session-storage

…

On Sep 15, 2019 at 2:20 PM, <Mario Finelli ***@***.***)> wrote: Hi, I'm not sure that I'm testing the right thing, and perhaps I'm not understanding the correct behavior, but I don't think that this gem is setting an expiration on the keys that it stores in redis. If I setup a simple app with the following settings: $redis = ConnectionPool.new(size: 25, timeout: 3) do Redis.new(url: 'redis://localhost) end use Rack::Session::Redis, pool: $redis, key: 'session', expires_in: 3600 # 1 hour And then issue a request: curl -sI http://localhost:9292 | grep Set-Cookie Set-Cookie: session=d80dcc50e63c454dc467d3cc703e84f514b790f5ef6c20bbbb7f18be2c22cce5; path=/; HttpOnly And then ask redis what the ttl is for the associated key: 127.0.0.1:6379> ttl d80dcc50e63c454dc467d3cc703e84f514b790f5ef6c20bbbb7f18be2c22cce5 (integer) -1 There is no TTL set on the key, but I think that there should be, no? Or am I misunderstanding how the expires_in option works? Cheers — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub (#48?email_source=notifications&email_token=AAA3TARBYSQLFSPU5D6Q6I3QJZ4IBA5CNFSM4IW3QCGKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HLOKNPA), or mute the thread (https://github.com/notifications/unsubscribe-auth/AAA3TAS2JLPU76BYHWQK4N3QJZ4IBANCNFSM4IW3QCGA).

[mfinelli]

That does set the expires on the cookie that gets sent, but still no TTL on the redis key.

curl -sI http://localhost:9292 | grep Set-Cookie
Set-Cookie: session=68e212a79b5aa718580be9aecddc3bf90b91b54673e35d65800b875b270f4e80; path=/; expires=Sun, 15 Sep 2019 21:44:04 -0000; HttpOnly

127.0.0.1:6379> ttl 68e212a79b5aa718580be9aecddc3bf90b91b54673e35d65800b875b270f4e80
(integer) -1

[mfinelli]

Apologies, I figured out my issue. I was passing in a connection pool initialized with a raw redis object instead of a redis-store. Switching to the redis-store started setting the TTL correctly.

All that being said, the readme for this project could use a couple of updates, if I have time I will send another PR.

Sorry for the noise!