Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set cookie is not being passed in header when session is extended, due to which browser cookie is never extended #1002

Open
khushigupta515 opened this issue Nov 12, 2024 · 0 comments
Open

Set cookie is not being passed in header when session is extended, due to which browser cookie is never extended #1002

khushigupta515 opened this issue Nov 12, 2024 · 0 comments
Labels
bug

Comments

@khushigupta515
Copy link

call to extend session made via react
const extendSession = async () => {
try {
const response = await fetch(${process.env.REACT_APP_API_HOST}/v1/auth/extend-session, {
method: 'GET',
headers: {
Authorization: Bearer ${localStorage.getItem('token')},
},
credentials: 'include',
});
if (!response.ok) {
throw new Error(Error: ${response.status} ${response.statusText});
}
const data = await response.json();
if (data.newExpiry) {
localStorage.setItem('session_expiry', data.newExpiry);
}
return true;
} catch (error) {
console.error('Failed to extend session', error);
return false;
}
};

express code to extend session
extendSession: (req, res) => {
if (!req.session) {
return res.sendStatus(401); // Unauthorized
}
req.session.cookie.maxAge = 1000 * 60 * 24 * 60; // Set to 24 hours
req.session.touch();
req.session.save(err => {
if (err) {
return res.status(500).send('Error extending session.');
}

        const newExpiry = req.session.cookie.expires.getTime();
        res.json({ message: 'Session extended by 24 hours.', newExpiry });
    });
},

app.use(session({
name: config.SESSION_NAME, // Name of the session cookie
secret: config.SESSION_SECRET, // Secret key used to sign the session ID cookie
store: sessionStore, // Store session in MySQL
resave: false, // Prevents session resaving if not modified
saveUninitialized: false, // Prevents saving uninitialized sessions
cookie: {
// maxAge: 1000 * 60 * 60 * 24, // Session expires in 24 hours
maxAge: 1000 * 60 * 3, // Session expires in 24 hours
secure: !(process.env.NODE_ENV === 'local'), // Set to true if using HTTPS
httpOnly: !(process.env.NODE_ENV === 'local'), // Prevents client-side access to the cookie
sameSite: process.env.NODE_ENV === 'local' ? 'Lax' : 'Strict',
}
})); this is my session config , have tried using strict, none .Also tried making secure :'auto' nothing works .Session is updated in db(db changes can be seeen) , browser cookie is not extended(set-cookie header is not present in response) due to which session expires.

Set-cookie is obtained in the initial request when session is created so there is no problem with the route
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@khushigupta515