The 'expires' prop required in the cookiesConfig
younes-io opened this issue · 4 comments
I need to configure the expires property in the CookieConfigParams but it's not available :
express-openid-connect/index.d.ts
Line 705 in 44aa3cf
Even though it is available here
I use this in the context of a RedisStore which acts as a session store; as you can see here, I don't have access to the expires prop which is used by the function _getTTL. I am aware that things could be done another way, but still, the issue remains : I still need to have access to the expires prop (and maybe other props available in the Express.Response object)
What do you think ?
Hi @younes-io - thanks for raising this
The expires (and maxAge) cookie properties are derived from the session expiry config and added to the payload when saving the session to a custom session store here https://github.com/auth0/express-openid-connect/blob/master/lib/appSession.js#L223-L226
So when you use a session store like redis (like the example here) - _getTTL will have the information it needs to set the correct expiry.
@adamjmcgrath : I understand that, but _getTTL gives priority to sess.cookie.expires which I cannot modify. Regardless of what I put in the ttl prop of the RedisStore, the ttl holds the value of the sess.cookie.expires; that is why I rose this issue
sess.cookie.expires is derived from the session expiry config
So you can modify sess.cookie.expires by modifying the session expiry config - for example if I want the ttl of the entry in redis to be 1 hour from when the session is created, I would set the session expiry config to:
{
rolling: false,
absoluteDuration: 60 * 60
}Then when the entry is created sess.cookie.expires will be set to config.session.absoluteDuration * 1000 + Date.now()
Closing as I think #431 (comment) has answered your question