In my NodeJs / Express app, I'm using the standard session package and Passport to handle sessions and login. My problem is that the app kicks the user out after what feels like 10 minutes of inactiviy, and forces them to log-in again. My assumption is that it must be something to do with the session configuration, which with my limited understanding, I think is configured to allow 2 hours:

const session = require("express-session");
const PostgreSqlStore = require("connect-pg-simple")(session);


const sessionAge = 2 * 60 * 60 * 1000; // hour, min, sec, millisecond

var sessionConfig = {
    name: "mysite",
    secret: "verysecret",
    resave: true,
    saveUninitialized: false,
    proxy: trustedTypes,
    cookie: {
       key: "cookieKey",
       secure: true,
       sameSite: false,
       httpOnly: true,
       maxAge: sessionAge,
    },
    store: new PostgreSqlStore({
       pgPromise: db,
       ttl: 2 * 60 * 60, //Hours, minute, seconds
    }),
 };
 app.use(session(sessionConfig));

Is there anything I'm doing wrong, or is there something else I should be looking at to find the cause of this behavior?

CodePudding user response：

store: new PostgreSqlStore({
   pgPromise: db,
   ttl: 2 * 60 * 60, //Hours, minute, seconds
})

I think your PostgreSQL store ttl property should be equivalent to maxAge property of session config

CodePudding user response：

I've discovered that apparently although by default the session does get extended on the server, it won't send an updated cookie to the browser if nothing has changed in it. The missing property is the 'rolling' attribute.

var sessionConfig = {
   rolling: true,