the exipration property seems doesn't work

[Roen-Ro]

in my code, i set the expiration property to 5000 milliseconds, expect the session to be expired after 5 seconds.

        //session 
        var sessionOption = {
            // Whether or not to automatically check for and clear expired sessions:
            clearExpired: true,
            // How frequently expired sessions will be cleared; milliseconds: 2个小时 
            checkExpirationInterval: 7200000,
            // The maximum age of a valid session; milliseconds
            expiration: 5000,//5 seconds
            // Whether or not to create the sessions database table, if one does not already exist:
            createDatabaseTable: true,
        }

        sessionStore = new mySQLSessionStore(sessionOption,pool);

in my request handle file, beside for the 1st time, i found the session never expires.

router.all('/log', (req, res, next) => {
// do verifying here...
  var para = req.query;
  if(req.session.userName){
       res.send( 'session is valid  ');
  }
 else {
     req.session.userName = para.userName;
     res.send( 'session expired  ' );
 }
});

[chill117]

I think the reason you aren't seeing any sessions deleted is that you didn't change the checkExpirationInterval option. Try setting it to 5 seconds as well. I think that should clear things up for you.

[Roen-Ro]

thanks chill, for the great work.
yes, i ever set both checkExpirationInterval and expiration values to 5000, but the session never expires, except that the cookie expiration reached.
if it is better to automatically check the session expiration(not the cookie) whenever it assigned to a request, even it still in the store?

[MartinYW]

Not working even for me.

[chill117]

Can you provide some simplified working example that shows the unexpected behavior and then explain what you expect to happen?

Whenever a request is made to the server, by a client with a session, their session is "touched" by the session middleware. This updates its expire time. The result is that if the client makes a request before their session has expired, it will continue to remain active beyond its original expire time.

[Roen-Ro]

Assume that we set both checkExpirationInterval and expiration values to 5000(millisecond). Then a session is created(or touched) and is assigned with a username at time t1 from a request

req.session.username = 'somebody';

then another request is received from the same client at time t2 which is beyond the expiration, that is to say t2 - t1 > 5000 millisecond, at this moment i expect the username value to have been cleared from the session

  if(req.session.username) { //unexpected
       res.send( 'session is valid  ');
  }
 else { //expected
     res.send( 'session expired  ' );
 }

[chill117]

Thank you for the clarification, @Roen-Ro

The issue has been fixed and included in the latest release (v2.1.0).

[Roen-Ro]

Great! thanks @chill117