-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change session behavior #475
Conversation
you could do what you want with IMO we do need "rolling" sessions though, I intend on improving what we have now so that it's not a set-cookie per-request, however it would be terrible UX for a session to expire in 4 hours, then have an active user's session just expire mid-use. |
ah sorry it's |
changed to use that default: f25d85f |
I agree that it was bad if session breaks until user stop using site. But session is not designed for long life time. If the browser session ended in most cases we are dealing with a new user session. So, I mean that usually not necessary to make the lifetime of the user's ("connect") session to be longer than the lifetime of browser session. |
yeah i know what you mean, it's not uncommon for people to be setting the session to at least be a few days etc |
What about sending session cookies with each request? Response which contains cookies can not be cached because it changes the current state. It turns out that it is impossible to cache all responses. Now I looked how it works in PHP. They use the way I suggested above. If the lifetime of the session is set then it ends even if the user is active. |
Maybe not send cookies in each response, if the default (null) value of maxAge has not been changed. In this case, it will not break the session if it`s lifetime is not equal to the lifetime of the browser session. We do not need to update the cookies that have no parameter "expires". I think it is a good compromise. |
I just tell varnish to strip the cookie for assets to cache, agreed thought that's definitely a good thing to avoid for browser-session cookies |
Thanks for fast fix. |
np. I'm not happy with how the rolling sessions are done I just haven't had much time to fix those |
Sorry for my bad english, but i hope that you will understand me. Thanks.