Re: Express 3: Cookie maxAge to be set in Milliseconds or seconds ?
3,348 views
Skip to first unread message
tjholowaychuk
Nov 12, 2012, 11:37:13 AM11/12/12
to Express
milliseconds like the expressjs.com docs mention. It's ms instead of
seconds because that's the
"universal" unit in js, so things like https://github.com/guille/ms.js
work etc
On Nov 11, 6:12 am, Alfredo FP <chinova...@gmail.com> wrote:
> Hello everybody,
>
> In the examples and documentation, the expiration / max age for
> a cookie is meant to be set in milliseconds, but it looks like
> it is working as with seconds.
>
> Ex:
>
> options.maxAge = 6000 * 2; // this is not 2 minutes, but 200 minutes!!!
> res.cookie('the_cookie', 'the_value', options)
>
> I wonder if everybody has noticed this or may be I am doing something
> wrong...
>
> - Alfredo
seconds because that's the
"universal" unit in js, so things like https://github.com/guille/ms.js
work etc
On Nov 11, 6:12 am, Alfredo FP <chinova...@gmail.com> wrote:
> Hello everybody,
>
> In the examples and documentation, the expiration / max age for
> a cookie is meant to be set in milliseconds, but it looks like
> it is working as with seconds.
>
> Ex:
>
> options.maxAge = 6000 * 2; // this is not 2 minutes, but 200 minutes!!!
> res.cookie('the_cookie', 'the_value', options)
>
> I wonder if everybody has noticed this or may be I am doing something
> wrong...
>
> - Alfredo
Alfredo FP
Nov 12, 2012, 4:04:32 PM11/12/12
to expre...@googlegroups.com
Thanks for your reply!
However, I still see a problem here.
documentation is not correct)
The line in function cookie (response.js):
if ('maxAge' in options) options.expires = new Date(Date.now() + options.maxAge);
does not modify the value in options.maxAge,
Then, in function serialize of the cookie module:
if (opt.maxAge) pairs.push('Max-Age=' + opt.maxAge);
Actually, this is correct, because browsers expect the delta in Max-Age to be seconds (http://www.w3.org/Protocols/rfc2109/rfc2109)
To be consistent, the documentation should be corrected, or the source code fixed.
if ('maxAge' in options) { options.expires = new Date(Date.now() + options.maxAge); options.maxAge /= 1000; }
I hope this helps.
Alfredo FP
Nov 12, 2012, 4:10:41 PM11/12/12
to expre...@googlegroups.com
Sorry, I forgot to mention that the problem is only with the maxAge field!!!
In summary:
expires ---> milliseconds
maxAge ---> seconds
maxAge ---> seconds
So, maxAge shouls be divided by 1000, or the documentation should point that it must be set in seconds.
BR,
Alfredo
tjholowaychuk
Nov 13, 2012, 12:06:33 PM11/13/12
to Express
ah I see, the cookie module is setting max-age now, it never used to.
that's definitely a bug then
that's definitely a bug then
tjholowaychuk
Nov 13, 2012, 12:15:03 PM11/13/12
to Express
Fixed in 3.0.3
Alfredo FP
Nov 14, 2012, 5:46:19 AM11/14/12
to expre...@googlegroups.com
Fantastic! I have tested it and it is working great!
Let me point something I was curious; my patch suggestion was
if ('maxAge' in options) { options.expires = new Date(Date.now() + options.maxAge); options.maxAge /= 1000; }
if (null == options.path) options.path = '/';
But your patch is:
if ('maxAge' in options) options.expires = new Date(Date.now() + options.maxAge);
if (null == options.path) options.path = '/';
options.maxAge /= 1000;
Because I'm not fluent in Javascript, I didn't expect the last line to work in case options.maxAge is not set before.
But it does!
I see that the result is NaN in case options.maxAge does not exist and everything goes on without exploding :-P
Well, thank you very much. I have improved my javascript knowledge and the problem fixed!
Best Regards,
Alfredo
Reply all
Reply to author
Forward
0 new messages