You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
hasLongExpires is currently checking against a hard coded 4 weeks.
I am finding that the check if(!isNew && cookie.hasLongExpires) in session.js fails when trying to update the maxAge to a value greater than 4 weeks as the comparison looks at the new value of maxAge when evaluating hasLongExpires and then skips the cookie update.
I have traced this through the debugger several times and verified that setting req.session.cookie.maxAge of < 4 weeks properly updates the cookie from a session to an expiring cookie but setting it greater than 4 weeks causes no update to the browser cookie.
The text was updated successfully, but these errors were encountered:
Anoying because my customers come back months after and loose their sessions.
But a session longer than 4 weeks is a security issue. I'm in some way balanced about this question. For the moment I just try to Update the session maxAge often.
But having a hardcoded value is bad, it should be possible to overwrite it via an option.
hasLongExpires is currently checking against a hard coded 4 weeks.
I am finding that the check if(!isNew && cookie.hasLongExpires) in session.js fails when trying to update the maxAge to a value greater than 4 weeks as the comparison looks at the new value of maxAge when evaluating hasLongExpires and then skips the cookie update.
I have traced this through the debugger several times and verified that setting req.session.cookie.maxAge of < 4 weeks properly updates the cookie from a session to an expiring cookie but setting it greater than 4 weeks causes no update to the browser cookie.
The text was updated successfully, but these errors were encountered: