I set the session timeout to 30 minutes. While I am still active, req.session.user is deleted after 30 minutes. However, the session is still alive. Here's my config (i'm using express-session and passport.js):
app.use(session({
store: new RedisStore(options),
secret: <some_secret>,
resave: false,
saveUninitialized: false,
cookie: {maxAge: 1800000}
}));
app.use(passport.initialize());
app.use(passport.session());
// Are these serializer/deserializer needed?
passport.serializeUser((user, done) => {
done(null, user);
});
passport.deserializeUser((user, done) => {
done(null, user);
});
In login:
router.post('/login', (req, res, next) => {
passport.authenticate('ldapauth', {session: false}, (err, user, info) => {
...
if (user) {
req.session.user = {email: req.body.username};
}
next();
})(req, res);
});
The verify code is like this:
isLoggedIn() {
if (req.session && req.session.user) {
return true;
}
return false;
}
I set the req.session.user to some object after I successfully logged in.
So, after 30 minutes, req.session.user is deleted, but req.session is still there and keeps on incrementing the expiry date since I am still actively working on the page.
Why is req.session.user deleted after 30 minutes? I thought passport rides on the session by express?
from req.session.user is deleted while user is active
No comments:
Post a Comment