when are sessions deleted from the database?

Question

when are sessions deleted from the database?

evanholt1 opened this issue 5 years ago · 1 comments

i am using express-session & this package, and this is my test setup:
`
let sessionStore = new MongoDBStore({
uri: process.env.DB_HOST,
collection: 'sessions',
expires: 1,
});

app.use(session({
secret: process.env.SECRET,
store: sessionStore,
resave: false,
saveUninitialized: false,
unset: "destroy",
cookie: {
maxAge: 1
},
name: "US" // User Session
}));
`
yet when i run a GraphQL mutation which adds an "_id" field to 'req.session', while the cookie doesnt appear on client-side(it lasts a millisecond), a session is created on the database, and lasts a dynamic amount of time (lasting from 1 second to a minute) while i would expect it to expire in 1 millisecond, then destroyed from the database.
what is the explanation of this? what am i missing?

Answer 1 · 2021-02-01T00:40:03.000Z

mongo expireAfterSeconds / TTL only runs every 60 seconds. even if it expired it would still take whatever time is remaining in the 60 second window to delete the entry (i.e. 30ish seconds if it expires immediately)