Session timeout does not have any effect

[claustres]

In ExpressEngine.js, when protecting the api routes, credentialsRequired: false can be found. Looking at the code of express-jwt I can see that with the credentialsRequired option no error is thrown when verification has failed. Can someone from MEANIO tell us if there was any particular reason to activate this option, otherwise it is probably a bug.

Moreover it would be great to be able to configure the timeout.

This issue has been first reported on MEAN.io : https://github.com/linnovate/mean/issues/1289.

[shailendramonu]

This defect was open quite a long time ago but it seems no update on this???