koa session expire event

Question

Am trying to log a message when a koa session expires. But adding a listener for the expire event doesnt seem to work for me.

Following is the sample code. Set 2 mins as maxAge for the session.

import koa from 'koa';
import serve from 'koa-static';
import route from 'koa-route';
import session from 'koa-session';
import mount from 'koa-mount';

let pub = new koa();
let parse = new koa();
let app = new koa();

app.keys = ['test'];

const CONFIG = {
    key: 'sess',
    maxAge: 2000
};

parse.use(ctx => {
    // ignore favicon
    if (ctx.path === '/test') return;

    let n = ctx.session.views || 0;
    ctx.session.views = ++n;
    ctx.body = n + ' views';
    console.log(ctx.session);
});

pub.use(serve('./public'));

app.use(session(CONFIG,app));
app.on('expired',(key,value,ctx) => console.log(key));

app.use(mount('/',pub));
app.use(mount('/parse',parse));


app.listen(8080);

Here everytime i refresh the page after 2 seconds in browser i can see the "views" value set back to 1 meaning the previous session had expired. But the log statement as part of the expired event is not getting hit. May be the way am adding the event listener is wrong. Can someone please help?

score 0 · Accepted Answer · answered Jun 27 '18 at 11:52

0

After having a look at library files, koajs/session -> context.js

if (value._expire && value._expire < Date.now()) {
  debug('expired session');
  this.emit('expired', { key, value, ctx });
  return false;
}

where emit is:

emit(event, data) {
    setImmediate(() => {
      this.app.emit(`session:${event}`, data);
    });
}

So I think in your code you shouldchange the name you are trying to capture the event with:

app.on('session:expired',(key,value,ctx) => console.log(key));

If key is containing a value, you should see something printing out in the console :)

answered Jun 27 '18 at 11:52

Javier Aviles

7,952
2
22
28

Tried that as well, but no luck. – Rayees Jun 27 '18 at 11:59
I have been debugging the library, and the thing is the cookie never gets to emit the expire event because, the browser, deletes the cookie once it's expired. Therefore the request never gets to the backend with an expired cookie... – Javier Aviles Jun 28 '18 at 15:22
Thanks a lot Javier. – Rayees Jun 29 '18 at 15:02
1

You can debug the scenario that Javier mentions by changing the cookie expiration date when it's set in the browser, using the dev tools. Then the "_expire" value in the session data will be expired, but the cookie won't be expired, so the library will get the cookie and then see in the session data that it has expired. This would only happen in production if the browser doesn't clear expired cookies, or if someone tries to extend the session manually by changing the cookie (stolen cookies perhaps?) – Kenneth Sundqvist Jan 29 '19 at 16:19
I'm having the same issue as @RayeesKm is there any solution for it by now? Or is this behavior intended and we can't do anything about it? – L3M0L Jan 08 '20 at 21:06
I don't fully remember what was going on here, but reading through a bit looks like it was the intended behaviour of the library. Maybe if you briefly explain what's your issue and why would you need such event, we can help :) – Javier Aviles Jan 09 '20 at 08:32

koa session expire event

1 Answers1