Even with
app.use(express.session({
secret: conf.secret,
maxAge : new Date(Date.now() + 360000),
expires: new Date(Date.now() + 360000),//I've tried both separately
store : new MongoStore(conf.db),
}));
The sessions in mongodb stay forever (as far as I have tested)
Are the session stores in MongoDB supposed to just stay there even after the session ends?
Because even with the maxAge or expires in the session declaration, in MongoDB, all the sessions look like this:
{ "_id" : "FU8k3kEzquG/hoSD308H5XHa", "session" : "{\"cookie
\":{\"originalMaxAge\":null,\"expires\":null,\"httpOnly\":true,
\"path\":\"/\"}}" }
Also, in most of my _id’s there is some type of non-number/letter character, i.e. /, +, etc. Are they supposed to be like that?
Every time I re-open my browser, a new session is created, but the old one is still there in MongoDB. I just want to know if there is a fix to this, or if this is intentional.
Thanks,
Brandon
This is the expected behaviour if your browser’s cookie expires but the session information has been saved in a persistent backend data store like MongoDB. The two data stores (backend versus browser-based cookie) can have different expiries.
Assuming you are using connect-mongodb to persist the sessions, the default
reapIntervalshould trigger removal of expired sessions every 60 seconds.Since your session expiry is set to “null” these sessions would never expire. The session expiry should be the same as the cookie
expiresvalue .. so if it’s not being set you probably need to do a bit of debugging to track down the issue.It’s possible that these are old sessions saved before you tried setting the
maxAge; I would check if new sessions are settingexpiresas you’d expect. If so, you may need to manually delete some of the older non-expiring sessions.Yes, Express sessionIDs are 24-character long alphanumeric strings.