W
Wasp•2w ago
ComputO

Is there a way to reduce the session expiry instead of the default 1 month .

#🙋questions While I can update the session table post login with an updated expired_a ,but this will reset whenever a refreshe triggers a new token or updates the life of existing topen Let me know if there any way I can achieve this. #question #sessionTimeout
6 Replies
kapa.ai
kapa.ai•2w ago
Hi @Mayur. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- Based on the provided knowledge sources, there isn't enough specific information to directly answer your question about reducing the session expiry time in Wasp from the default 1 month. The documents don't contain details about configuring custom session expiration times or modifying the default behavior. However, I can provide some relevant context based on the available information: 1. Wasp uses sessions for authentication, as mentioned in the Auth Overview documentation (https://wasp-lang.dev/docs/auth/overview#sessions). It utilizes the Lucia Auth v3 library for session management. 2. The Session entity in Wasp includes an expiresAt field, which suggests that session expiration is a feature Auth Entities documentation (https://wasp-lang.dev/docs/auth/entities#session-entity-). 3. There have been discussions about changing Wasp's authentication approach, including moving from JWTs to session-based authentication with cookies, as evidenced in this GitHub issue (https://github.com/wasp-lang/wasp/issues/573). Given this information, while there's no direct answer to your question, you might want to: 1. Check the Lucia Auth v3 documentation for session configuration options, as Wasp uses this library under the hood. 2. Look into Wasp's configuration options or documentation for any session-related settings that might not be covered in the provided knowledge sources. 3. Consider reaching out to the Wasp community or developers directly through their GitHub issues or Discord channel for more specific guidance on modifying session expiration times. If you need a definitive solution, you may need to wait for an update to Wasp's documentation or features that specifically addresses custom session expiration times. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ---------------------- Sorry @Mayur, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
Filip
Filip•6d ago
Hey @ComputO, Wasp currently doesn't support custom session lifespans. Wasp uses Lucia and its sessions do not have an absolute expiration. The expiration gets extended whenever they're used. This ensures that active users remain signed in, while inactive users are signed out (source). @miho Tagging you to fact check me and because we might want to allow this change. @ComputO, may I ask, why would you like to have shorter sessions?
ComputO
ComputOOP•6d ago
So we have a integration with a 3rd party api which also has a different token based auth that supports 30 min long session, we were trying out to keep the sessions in sync for both so that we don't have to juggle between multiple auths and tokens a lot in a session @Filip Thanks for the response btw... This gives me a clarity and I'll try a different work around that my team was discussing
Filip
Filip•6d ago
Technically, I think you could monkey-patch Wasp for shorter sessions by editing the generated code file on each build. I'll let @miho confirm that though, he's the expert
Filip
Filip•6d ago
miho
miho•3d ago
@Filip thank you for creating the issue! Yep, it's a thing we need to improve in Wasp to expose a way for users to configure our underlying libraries like Lucia and Prisma đź‘Ť

Did you find this page helpful?