Cannot set the .sig cookie's expiry about cookie-session HOT 10 CLOSED

hm. so there is a lot going on here. can you try adding the option overwrite: true to the options for this module and see if that fixes your issue?

from cookie-session.

also, noob question, cookieParser should have the same secret as cookie-session right?

also to answer you, overwrite: true is on by default. I only use 3 options, name, secret, secureProxy

basically i just want to updated the maxAge of my session cookies base on some condition

from cookie-session.

cookieParser should have the same secret as cookie-session right?

this module does not require cookieParser at all and so it doesn't matter what your cookieParser is configured with. this module will directly read req.headers.cookie for you.

also to answer you, overwrite: true is on by default

indeed, it is

basically i just want to updated the maxAge of my session cookies base on some condition

can you show me how you are going about this with code? i don't think this is supported in this module, which may be why you are having issues.

from cookie-session.

well I was literally just overwriting the session cookie but I guess that is why you made the .sig session cookie haha (to prevent this)

you say in your docs that other options are passed to cookies.get() and cookies.set(). I tried adding maxAge: 604800000 (7 days) into the cookie-session options and my session cookies' expiry is still session.

from cookie-session.

well I was literally just overwriting the session cookie but I guess that is why you made the .sig session cookie haha (to prevent this)

um, the reason is so you can get the cookie value directly without checking the signature if you wanted, not to prevent you from changing the expiration.

maxAge: 604800000

the correct spelling for the latest version of this module (which uses an older version of cookie) is actually maxage (no capital A).

from cookie-session.

ok so can I dynamically change my maxage based on on a condition after initializing cookie-session with some options?

app.use(cookieSession({
  secret: 'secret',
  secureProxy: true
}));

then later on

if(req.body.rememberme){
    // make session cookie expire in 7days
} else {
    // make session cookie expire on session
}

from cookie-session.

it's not possible, that's what i'm saying. basically, you're making a feature request right now :) also, using sessions isn't the way a "remember me" function works--it doesn't keep you logged in for longer, it just sets another secondary cookie with like you username in it.

anyway, no, it's not possible to do that with this module, but a PR implementing this is always welcome

from cookie-session.

ok thank you for spending your time explaining this!
i guess that is why you called it "cookie-session", doh.
I completely understand everything you are saying!

from cookie-session.

using sessions isn't the way a "remember me" function works--it doesn't keep you logged in for longer, it just sets another secondary cookie with like you username in it.

Not quite sure about that. If you take the example of Gmail, it will log you in again when you open the browser next time.
It doesn't say "Remember me" but instead it says "Stay signed in" but I think @yawhide was referring to this last option.

I also expected to find some similar behavior in this component so we could change the maxAge or set it for the 1st time dynamically in an attempt to create the "Stay signed in" feature.

from cookie-session.

Would it be possible to do something along these lines?

app.use(function(req, res, next) {
    var options = {
        httpOnly: true,
        secure: false,
        secureProxy: true,
        keys: ['key1', 'key2']
    };

    if (typeof req.session !== 'undefined' && req.session.staySignedIn !== 'undefined') {
        options.maxAge = 30 * 24 * 60 * 60 * 1000; // 30 days
    }

    return cookieSession(options)(req, res, next);
});

from cookie-session.