New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ERR invalid expire time in set #292
Comments
My guess is since this has a fixed max age, it is trying to set a time in the past after 14 days which will be an error in Redis. If |
It sounds like the The expected behavior (I think) would be that the session cookie expires Not sure if this is a scenario that should be handled by connect-redis (ie. rejecting session cookies older than |
It seems like the fix would be best suited upstream in the |
I raised the issue with expressjs/session#718 (comment)
|
Additional information: This issue first started happening after upgrading |
I have posted code to reproduce this issue here: expressjs/session#718 (comment) |
Update: This issue is likely caused by manually saving the session rather than allowing the session to automatically save on its own at the end of the HTTP response.
Possible fix is to not manually call |
Per the last discussions in the other issue. I don't think we can reliably come up with a scheme that does the "right" thing when a user chooses to manually save. So this responsibility would fall on the user of the library (so the user manually updates the If you want to just log errors you can set a 'error' handler on the client and capture it there as an option too. |
Thanks @wavded. I really appreciate the quick response on this thread and also the other one. It's very much appreciated. |
I spend 48 hours, to get the error in production server, but the ease to fix!! You just don't need set maxAge or expired cookie in initialization session, you must set maxAge or expired in controller your app, for example: app.use(
session({
store: new RedisStoreSession({ client: redisClient }),
secret: process.env.SESSION_SECRET,
cookie: {
secure: process.env.NODE_ENV === 'production',
httpOnly: true,
},
name: process.env.SESSION_COOKIE_NAME,
resave: false,
rolling: true,
saveUninitialized: false,
})
);
export async function usersLoginController(
req: Request,
res: Response,
next: NextFunction
): Promise<Response | void> {
req.session.cookie.expires = addDays(new Date(), 1);
res.status(200).json({ csrfToken: req.session.csrfToken });
} And yes, that was stupid from me, set expired cookie date in initialization... 😄 |
If you are using |
We're getting the
ERR invalid expire time in set
error and having some trouble resolving it.The
ERR invalid expire time in set
begins to happens exactly 14 days (themaxAge
) after the session was created.I included some code below to illustrate our connect-redis and express-session config.
We have an API that modifies and saves the session...
The above code in our controller throws the
ERR invalid expire time in set
error when attempting to save the session exactly 14 days (same asmaxAge
) after the session was created.I also noticed that, when the request completes with the 400 error as shown above, there's a Set-Cookie header on the
400
response with an Expires date equal to 14 days in the future. However, if we addconsole.log(req.session.cookie._expires)
right beforereq.session.save()
, the date that's logged is the (correct) date, which is 14 days after the session was first created (yet, on the response, theexpires
inSet-Cookie
is 14 days in the future).If I'm understanding the internal workings of connect-redis and express-session correctly, with the above configuration, a session created should be valid for only 14 days (and the cookie should also expires after 14 days. Is this incorrect, seeing that the Set-Cookie header on the response is giving the cookie a new expires of 14 days in the future whenever the session data is changed?
If you could help understand what might be happening here, it would be greatly appreciated! Our solution as of now is to rotate the cookie name every 13 days to force all users to login again, thereby creating a new session (which works, until 14 days later when the issue reoccurs).
The text was updated successfully, but these errors were encountered: