Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Give error for incorrect maxAge and expires Type

See original GitHub issue

Out of mere developer error, I inserted into the maxAge field what should have been entered in expires:

maxAge : new Date(Date.now() + 3600000)

Instead of

expires : new Date(Date.now() + 3600000)

However this causes a weird quirk in creating a session, for example, setting username and password within seconds of eachother will create two sessions, each with a negative maxAge

{
"_id" : "zY02IMuLO720J-SLFKVj"
    "session" : {
        "cookie" : {
            "originalMaxAge" : -104023,
            "expires" : ISODate("..."),
            "secure" : null,
            "httpOnly" : true,
            "domain" : null,
            "path" : "/"
        },
                "username" : "username"
    },
}

"_id" : "fJ92IErLO730J-sLPMvQ"
    "session" : {
        "cookie" : {
            "originalMaxAge" : -104035,
            "expires" : ISODate("..."),
            "secure" : null,
            "httpOnly" : true,
            "domain" : null,
            "path" : "/"
        },
                "password" : "hashed_password"
    },
}

So they are set as separate sessions, and this causes a session to expire, and new session to be created immediately, having some functionality to have express-session throw an error if the wrong type is entered would be beneficial.

Issue Analytics

State:
Created 8 years ago
Comments:8 (4 by maintainers)

Top GitHub Comments

1reaction

dougwilsoncommented, Sep 26, 2016

Ah @jackycute, good catch on the readme. That came from the cookie module and doesn’t fit well here. Let’s move the rest of this conversation to a new issue, please, so we don’t loose what the original issue was about.

1reaction

dougwilsoncommented, Sep 26, 2016

This is the same issue @jackycute and I are running into, yep — I think more of a “weird behavior” report than a feature request, but agreed

Well, the thing is, JavaScript can change a Date object into a number without issue. Really, the weird behavior is JavaScript itself that you are describing 😃 You’re welcome to create a PR to increase the strictness of validating the input values, though!

our issue is the session originalMaxAge is set to be a negative number. and I did pass a Date object to expries, I don’t know if that is not appropriate.

I’m not certain what happens if you are setting both maxAge and expires. I think they are supposed to be mutually exclusive. Does removing expires fix the issue? Perhaps we can open a new issue regarding that behavior as well.

Top Results From Across the Web

Can't set cookie 'expires' or 'maxAge' in Node.js using Express ...

I was trying to use a short-lived cookie during development (120s), and got errors about 'Cookie “<cookieName>” has been rejected because it is...

Expires - HTTP - MDN Web Docs - Mozilla

The Expires HTTP header contains the date/time after which the response is considered expired. Invalid expiration dates with value 0 ...

HTTP/1.1: Header Field Definitions

If a response includes both an Expires header and a max-age directive, the max-age directive overrides the Expires header, even if the Expires...

What's the difference between Max-age and Expires?

Expires sets an expiry date for when a cookie gets deleted · Max-age sets the time in seconds for when a cookie will...

Express cookie-session middleware

maxAge : a number representing the milliseconds from Date.now() for expiry; expires : a Date object indicating the cookie's expiration date (expires at...