Expired Sessions - how to handle

[ericalas93]

I am working on creating a backend for a mobile as well as using Remix to create a web version. For the iOS app I will be sending a JWT which I then validate and extract the needed data (with the help of other Auth0 libraries). When I call from the iOS app with an expired JWT I get back the correct error (jwt expired) but my session on Remix is still alive well past the expiration. If I extract the JWT from the Remix session try it on Postman I get jwt expired (expected). Is there a correct way to validate the to make sure the session isnt expired with this library?

Thanks for the awesome work!

[danestves]

This is out of the scope from remix-auth you must provide the same value of the expire on Auth0 to the cookie, for example this is a expire of 30 days

expires: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000)

When you put that (or maxAge) the cookie will delete automatically after that period of time passes

[ericalas93]

This makes perfect sense, thank you!

This is one of the things I love about Remix (and its eco system), it's all back to web basics - now I just have to remember that, so used for so long doing things different ways

[danestves]

Don't worry! I think I'm going to put a disclaimer on the README so it will be easy for anyone new to know how to make this behavior

[ericalas93]

I’d be more than happy to open a PR to add this! Let me know :)

[danestves]

Sure! Go ahead