A rolling session is a session that expires in a set amount of time should there be no user activity(excluding websockets live updating data). If the user visits another part of the site before expiry, the expiry should then be extended. How would I do this with Sails.js? Setting maxAge and expires under cookie in /config/session.js does not have the desired effect. The expiry does not get extended with another page load. It stays constant.

EDIT: Will this be resolved once Sails.js upgrades its Express version? I see has a rolling option.

EDIT2: I see this answer: ExpressJS session expiring despite activity Would I need to copy and paste

req.session._garbage = Date();
req.session.touch();

onto each route in the controller? Is there a better way?

A rolling session is a session that expires in a set amount of time should there be no user activity(excluding websockets live updating data). If the user visits another part of the site before expiry, the expiry should then be extended. How would I do this with Sails.js? Setting maxAge and expires under cookie in /config/session.js does not have the desired effect. The expiry does not get extended with another page load. It stays constant.

EDIT: Will this be resolved once Sails.js upgrades its Express version? I see https://github./expressjs/session has a rolling option.

EDIT2: I see this answer: ExpressJS session expiring despite activity Would I need to copy and paste

req.session._garbage = Date();
req.session.touch();

onto each route in the controller? Is there a better way?

• javascript
• node.js
• session
• express
• sails.js

Share Improve this question Follow edited May 23, 2017 at 12:15 CommunityBot 111 silver badge asked Aug 8, 2014 at 9:10 No_nameNo_name 2,82033 gold badges3434 silver badges4949 bronze badges

Add a ment  | 

1 Answer 1

Sorted by: Reset to default 9

Changing the Express dependency in Sails is not something we take lightly. But in the meantime, you can handle this in a couple of ways, depending on the conditions you'd like to trigger the cookie refresh:

• If you only need the refresh to happen when a controller action is run, you can put your code in a global policy. This won't apply to routes that are mapped directly to views, or to static assets.

config/policies:

'*': 'refreshSessionCookie'

api/policies/refreshSessionCookie:

module.exports = function(req, res, next) {
    req.session._garbage = Date();
    req.session.touch();
    return next();
}

• If you want the refresh to happen any time a user with a session makes a request for anything, be it a controller, view or static asset, you can put the code in custom middleware that will run for every request.

config/http.js:

middleware: {

    refreshSessionCookie: function(req, res, next) {
        req.session._garbage = Date();
        req.session.touch();
        return next();
    },

    order: [
      'startRequestTimer',
      'cookieParser',
      'session',
      'refreshSessionCookie', // <-- your custom middleware
      'bodyParser',
      'handleBodyParserError',
      'press',
      'methodOverride',
      'poweredBy',
      '$custom',
      'router',
      'www',
      'favicon',
      '404',
      '500'
    ]
}