
Set cookie is not being passed in header when session is extended, due to which browser cookie is never extended #1002

Open
@khushigupta515


Call to extend session made via React:

```js
const extendSession = async () => {
  try {
    // credentials: 'include' lets the browser send and store the session cookie cross-origin
    const response = await fetch(`${process.env.REACT_APP_API_HOST}/v1/auth/extend-session`, {
      method: 'GET',
      headers: {
        Authorization: `Bearer ${localStorage.getItem('token')}`,
      },
      credentials: 'include',
    });
    if (!response.ok) {
      throw new Error(`Error: ${response.status} ${response.statusText}`);
    }
    const data = await response.json();
    if (data.newExpiry) {
      localStorage.setItem('session_expiry', data.newExpiry);
    }
    return true;
  } catch (error) {
    console.error('Failed to extend session', error);
    return false;
  }
};
```

Express code to extend session:

```js
extendSession: (req, res) => {
    if (!req.session) {
        return res.sendStatus(401); // Unauthorized
    }
    req.session.cookie.maxAge = 1000 * 60 * 24 * 60; // Set to 24 hours
    req.session.touch();
    req.session.save(err => {
        if (err) {
            return res.status(500).send('Error extending session.');
        }

        const newExpiry = req.session.cookie.expires.getTime();
        res.json({ message: 'Session extended by 24 hours.', newExpiry });
    });
},
```

```js
app.use(session({
    name: config.SESSION_NAME, // Name of the session cookie
    secret: config.SESSION_SECRET, // Secret key used to sign the session ID cookie
    store: sessionStore, // Store session in MySQL
    resave: false, // Prevents session resaving if not modified
    saveUninitialized: false, // Prevents saving uninitialized sessions
    cookie: {
        // maxAge: 1000 * 60 * 60 * 24, // Session expires in 24 hours
        maxAge: 1000 * 60 * 3, // Session expires in 3 minutes
        secure: !(process.env.NODE_ENV === 'local'), // Set to true if using HTTPS
        httpOnly: !(process.env.NODE_ENV === 'local'), // Prevents client-side access to the cookie
        sameSite: process.env.NODE_ENV === 'local' ? 'Lax' : 'Strict',
    }
}));
```

This is my session config. I have tried using strict, none. Also tried making secure: 'auto'; nothing works. The session is updated in the DB (DB changes can be seen), but the browser cookie is not extended (the Set-Cookie header is not present in the response), due to which the session expires.

Set-Cookie is obtained in the initial request when the session is created, so there is no problem with the route.
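
A simplified model of how express-session decides whether a response carries `Set-Cookie`, added here as an illustration (it is not the library's source and not the reporter's code). It assumes the session-data fingerprint ignores the `cookie` property, so a request that changes only `cookie.maxAge` yields no `Set-Cookie` unless `rolling` is on; all function and scenario names are hypothetical.

```javascript
// Simplified model, constructed for illustration; names are hypothetical
// except the `rolling` and `saveUninitialized` option names.

// Fingerprint of the session data with the top-level `cookie` property left
// out, so changing only cookie.maxAge does not count as a modification.
function fingerprint(sess) {
  return JSON.stringify(sess, function (key, val) {
    return this === sess && key === 'cookie' ? undefined : val;
  });
}

// Decide whether one response carries Set-Cookie, and why.
function decideSetCookie({ requestCookieId, sessionId, before, after, options, connectionIsSecure }) {
  const modified = fingerprint(before) !== fingerprint(after);
  const isNewId = requestCookieId !== sessionId;
  const wanted = isNewId
    ? options.saveUninitialized || modified
    : options.rolling || (after.cookie.expires != null && modified);
  if (!wanted) {
    return { setCookie: false, reason: 'known session id, data unchanged, rolling off' };
  }
  if (after.cookie.secure && !connectionIsSecure) {
    return { setCookie: false, reason: 'secure cookie, connection not seen as HTTPS' };
  }
  const reason = isNewId ? 'new session id' : options.rolling ? 'rolling' : 'data modified';
  return { setCookie: true, reason };
}

const DAY_MS = 1000 * 60 * 60 * 24;
const cookieAt = (maxAge) => ({ maxAge, expires: new Date(maxAge), secure: true });

// Constructed scenario: first request, session created and data written.
function loginScenario(options) {
  const before = { cookie: cookieAt(1000 * 60 * 3) };
  const after = { userId: 42, cookie: cookieAt(1000 * 60 * 3) };
  return decideSetCookie({ requestCookieId: undefined, sessionId: 'sid-1', before, after, options, connectionIsSecure: true });
}

// Constructed scenario: the extend-session call, which changes only cookie.maxAge.
function extendScenario(options, connectionIsSecure = true) {
  const before = { userId: 42, cookie: cookieAt(1000 * 60 * 3) };
  const after = { userId: 42, cookie: cookieAt(DAY_MS) };
  return decideSetCookie({ requestCookieId: 'sid-1', sessionId: 'sid-1', before, after, options, connectionIsSecure });
}

console.log(extendScenario({ rolling: false, saveUninitialized: false }));
console.log(extendScenario({ rolling: true, saveUninitialized: false }));
```

In the library, `rolling: true` is the documented option that forces the session cookie to be set on every response, and a `secure` cookie is not set when the connection is not recognised as HTTPS (behind a reverse proxy this depends on Express's `trust proxy` setting).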
