I use express and passport in the project to work with the session and everything is fine, except for one fact. Registration and user login works perfectly, but when the user re-enters the browser, he logs out, because there is another session. Is there any good opportunity to remain logged in, even after a session change? Should I use cookies or any other packages from npm ? The usual implementation is used, with the mongodb database:

app.use(session({ secret:'secret', maxAge: new Date(Date.now() + 3600000), httpOnly: true, cookie: { path: '/', httpOnly: true, maxAge: null}, store: new MongoStore( {mongooseConnection:mongoose.connection}, function(err){ console.log(err || 'connect-mongodb setup ok'); }) })); app.use(passport.initialize()); app.use(passport.session());

It would be appreciated if there is a good example or practical advice on how this problem is solved in nodejs.

The correct view, you just had to install maxAge:

 app.use(session({ secret:'secret', maxAge: new Date(Date.now() + 3600000), httpOnly: true, cookie: { path: '/', httpOnly: true, maxAge: 3600000}, store: new MongoStore( {mongooseConnection:mongoose.connection}, function(err){ console.log(err || 'connect-mongodb setup ok'); }) })); app.use(passport.initialize()); app.use(passport.session());

    1 answer 1

    maxAge express-session does not have a maxAge parameter; there is only cookie.maxAge :

     app.use(session({ secret:'secret', httpOnly: true, cookie: { path: '/', httpOnly: true, maxAge: new Date(Date.now() + 3600000 }, store: new MongoStore( {mongooseConnection:mongoose.connection}, function(err){ console.log(err || 'connect-mongodb setup ok'); }) })); app.use(passport.initialize()); app.use(passport.session());
    • As far as I know, app.configure belongs to the old style and is not desirable now. A cookie server is installed within a session, but they are destroyed when the session ends. maxAge: null says that cookies are not destroyed. - Evgen Stand
    • The documentation is very outdated, everything written above is incorrect. I will understand and update the answer with relevant information. If you want, you can still look at the project with the configured authorization . - Roman Paradeev
    • My authorization works fine, I just have my account unlocked after re-entering the browser, I would like to know about the solutions or even hints) - Evgen Stand
    • Try maxAge to specify. - Roman Paradeev
    • In the example you sent me, the same problem, maxAge does not affect anything here. You need to store intermediate information on the client side. - Evgen Stand