If this video didn't make sense: express-session always calls session.touch() on every request. This does two things: (1) resets session.expires date to keep it alive (but does NOT actually save it to Redis), and (2) resets TTL (time-to-live) in Redis to its original cookie.maxAge ÷ 1000 (in seconds). Why is this a problem? Because it leaves session.expires out of sync with TTL, and opens a backdoor for infinite sessions. There is no way to opt out of this! But we can work around it.
What did we do? We set "resave: true" so that when its expiry date is reset, the session is re-saved to the store to reflect that change, and also to stay in sync with TTL. We also set "rolling: true" to send a new cookie should the expiry date change. This way, we keep all three (the expiry date, the TTL, and the cookie) in sync. Your session stays alive as long as you keep using the site, but after you leave for 2+ hours, you have to log back in. The 2 hours could be 12, 24, etc. hours at your discretion. IMO that's the most reasonable approach given the constraints.
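To see the drift in numbers, here is an added example: a simplified model written for this page, not code from express-session, connect-redis or the video. It replays requests against an in-memory stand-in for Redis; the function names, the session id and the 30-minute request spacing are assumptions.

```javascript
// Simplified model of the behaviour described above, not express-session's code.
// makeStore, login, handleRequest and replay are hypothetical names.
const MAX_AGE = 2 * 60 * 60 * 1000; // cookie.maxAge in ms (2 hours)

function makeStore() {
  // saved: the session JSON as persisted; ttlDeadline: when the Redis key dies
  return { saved: new Map(), ttlDeadline: new Map() };
}

function login(store, sid, now) {
  store.saved.set(sid, { expires: now + MAX_AGE });
  store.ttlDeadline.set(sid, now + MAX_AGE); // TTL = maxAge / 1000 seconds
  return { expires: now + MAX_AGE };         // cookie sent to the browser
}

// One request; returns the cookie the browser holds afterwards, or null when
// the key's TTL has already elapsed and the user must log in again.
function handleRequest(store, sid, cookie, now, { resave, rolling }) {
  if (now >= store.ttlDeadline.get(sid)) return null;
  const session = { ...store.saved.get(sid) };
  session.expires = now + MAX_AGE;            // touch(): in-memory only
  if (resave) store.saved.set(sid, session);  // persist the new expiry
  store.ttlDeadline.set(sid, now + MAX_AGE);  // TTL reset on every request
  return rolling ? { expires: session.expires } : cookie;
}

// Replay `gapsMs` (time between consecutive requests) and report the state.
function replay(opts, gapsMs) {
  const store = makeStore();
  const sid = 'sid-constructed';
  let now = 0;
  let cookie = login(store, sid, now);
  for (const gap of gapsMs) {
    now += gap;
    cookie = handleRequest(store, sid, cookie, now, opts);
    if (!cookie) return { alive: false };
  }
  const ttl = store.ttlDeadline.get(sid);
  return {
    alive: true,
    savedLagMs: ttl - store.saved.get(sid).expires, // stored expiry vs TTL
    cookieLagMs: ttl - cookie.expires,              // browser cookie vs TTL
  };
}

const MIN = 60 * 1000;
console.log(replay({ resave: false, rolling: false }, [30 * MIN, 30 * MIN, 30 * MIN]));
console.log(replay({ resave: true, rolling: true }, [30 * MIN, 30 * MIN, 30 * MIN]));
console.log(replay({ resave: true, rolling: true }, [30 * MIN, 121 * MIN]));
```

With both options off, the stored expiry and the cookie each lag the TTL by 90 minutes after three requests; with both on, the lag is zero and a gap longer than two hours ends the session.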
Video: MERN Stack & GraphQL - #12 Session Lifetime, added by Code Realm on 5 January 2019.