MERN Stack & GraphQL - #12 Session Lifetime
If this video didn't make sense: express-session always calls session.touch() on every request. This does two things: (1) resets session.expires date to keep it alive (but does NOT actually save it to Redis), and (2) resets TTL (time-to-live) in Redis to its original cookie.maxAge ÷ 1000 (in seconds). Why is this a problem? Because it leaves session.expires out of sync with TTL, and opens a backdoor for infinite sessions. There is no way to opt out of this! But we can work around it.
What did we do? We set "resave: true" so that when its expiry date is reset, the session is re-saved to the store to reflect that change, and also to stay in sync with TTL. We also set "rolling: true" to send a new cookie should the expiry date change. This way, we keep all three (the expiry date, the TTL, and the cookie) in sync. Your session stays alive as long as you keep using the site, but after you leave for 2+ hours, you have to log back in. The 2 hours could be 12, 24, etc. hours at your discretion. IMO that's the most reasonable approach given the constraints.
Watch video MERN Stack & GraphQL - #12 Session Lifetime online without registration, duration hours minute second in high quality. This video was added by user Code Realm 05 January 2019, don't forget to share it with your friends and acquaintances, it has been viewed on our site 3,05 once and liked it 6 people.