express-socket.io-session

rolling feature of express-session not supported

Open semidark opened this issue 4 years ago • 1 comments

When setting the attribute rolling to true in express-session, the session.id cookie Max-Age in the Browser won't get updated/refreshed.

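When most of the client/server communication is done via socket.io, the browser session will die even though the client and server are still communicating, presumably because socket.io traffic produces no HTTP response that passes through express-session and could carry a refreshed cookie.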

Demo Code for showcasing the bug / missing feature

Server js

"use strict";
// Express app wrapped in a plain Node HTTP server so that Socket.IO can be
// attached to the same server object. Note that `http` below is the server
// instance, not the `http` module itself.
const express = require("express");
const app = express();
const http = require("http").createServer(app);
const io = require("socket.io")(http);

/**
 * Emits a "ping" event with `{ beat: 1 }` via `io.sockets` and re-arms itself
 * to run again 8 seconds later.
 *
 * The timer is scheduled before the emit, so the loop keeps running even if
 * the emit throws.
 */
function sendHeartbeat() {
  const intervalMs = 8000;
  const payload = { beat: 1 };

  setTimeout(sendHeartbeat, intervalMs);
  io.sockets.emit("ping", payload);
}
// Start the heartbeat loop; the first "ping" goes out 8 seconds after startup.
setTimeout(sendHeartbeat, 8000);

// No host argument is passed, so Node listens on all interfaces by default,
// not only on localhost as the log message suggests.
http.listen(3000, () => {
  console.log("Server is listening on http://localhost:3000");
});

// Session middleware under test. Per the express-session documentation,
// `rolling: true` re-sets the session cookie on every response and resets its
// expiry to `maxAge`.
// NOTE(review): these are demo values for reproducing the issue, not a
// deployable configuration:
//   - `secret` signs the session ID cookie; "foobar" is a placeholder. A real
//     secret should be high-entropy and kept out of source control.
//   - `saveUninitialized: true` stores a session for every visitor, including
//     ones that never log in.
//   - no `store` is given, so express-session's default in-memory store is used.
//   - the cookie sets only `maxAge` (300000 ms = 5 minutes); `secure` and
//     `sameSite` are left at their defaults.
let sess = require("express-session")({
  secret: "foobar",
  resave: true,
  rolling: true,
  saveUninitialized: true,
  cookie: {
    maxAge: 300000,
  },
});
app.use(sess);

// Hand the same session middleware instance to Socket.IO through
// express-socket.io-session.
// NOTE(review): whether this path can ever refresh the browser cookie is the
// subject of this issue; the report says the cookie Max-Age is not updated.
let sharedsession = require("express-socket.io-session");
io.use(sharedsession(sess));

// Workaround described in the issue (disabled): a plain HTTP route whose
// response goes through the session middleware, so the rolling cookie is
// re-sent. The client-side counterpart is the commented-out getPong().
// app.use("/pong", function (req, res, next) {
//   res.json({ answer: "Workaround for session.id maxAge Bug" });
//   next();
// });

// Serve static files from ./public with a cache max-age of "0h".
app.use(
  "/",
  express.static("public", {
    maxage: "0h",
  })
);

// Log every "pong" a connected client sends back; the payload is not inspected.
io.on("connection", (socket) => {
  socket.on("pong", (data) => {
    console.log("got pong from client");
  });
});

client javascript

"use strict";
// Socket.IO client connection; `io` is expected to be a global provided by the
// Socket.IO client script loaded on the page.
const socket = io();

// Workaround described in the issue (disabled): an ordinary HTTP request whose
// response lets the server re-send the session cookie.
// async function getPong() {
//   const serverResponse = await fetch("http://localhost:3000/pong", {
//     method: "GET",
//     headers: {},
//   });
//   const response = await serverResponse.json();
//   console.log(response);
// }

// Once the DOM is ready, answer every server "ping" with a "pong" over the
// socket. No HTTP request is made here unless getPong() is re-enabled.
document.addEventListener("DOMContentLoaded", () => {
  const replyToPing = (payload) => {
    console.log("recived Ping from server");
    //getPong();
    socket.emit("pong", { beat: 1 });
  };

  socket.on("ping", replyToPing);
});

As a workaround, I implemented a simple fetch of a useless JSON response. With that in place, the session.id cookie gets refreshed. These are the commented-out parts of the example code above.

semidark avatar Dec 26 '20 09:12 semidark

Lmao! You still use this piece of crap and its 2022!!!? xD

XiXiongMaoXiong avatar Feb 01 '22 06:02 XiXiongMaoXiong