I'm searching for way to expire session. Here's my plan I want to generate RSA public/private key depends on session when user reach my website. I send public key when they just reach my website, when they try to log in, they use public key to encrypt their ID/PW and server decrypts it with private key. I need to expire every sessions after user log in or just leave the website to save server memory. So I decided to set timeout to any session. Whether they log in or not, every sessions will be deleted in this way.
And I found that I can use 'expires' attribute to make session be deleted after specific time but it not works.
this is my code
var RedisStore = require('connect-redis')(session);
var redis = require("redis").createClient();
app.use(session({
store: new RedisStore({host: 'localhost', port:6379, client:redis,
resave:false}),
secret: 'keyboard cat',
expires : '1000'
}));
app.get('/logincheck', function(req, res){
console.log('session check : ' + req.session.redSession);
if(req.session.redSession){
res.json({
result : 'on'
});
}
else {
res.json({
result : 'off'
});
}
});
app.post('/login', function(req, res) {
req.session.redSession = req.body.id;
console.log('session check : ' + req.session.redSession);
if (req.body.id == 'fuck' && req.body.password == 'you') {
res.json({
message: 'ㅊㅋ'
});
//sess.id = req.body.id;
return;
} else {
res.json({
message: 'fuck you'
});
return;
}
});
I logged in, wait more than one second and send /logincheck but I got 'on'. As I expected, session should be expired in one second and it destorys itself so nothing should be in req.session.redSession so it must return 'off'. But it keeps return 'on' and console.log('session check:') keep returns string(not undefined) on server side.
What am I thinking wrong? How can I make session disappear after one second?
via HyeonWoo
No comments:
Post a Comment