KPC
Kevin Powell - Community2w ago
~MARSMAN~

Cookie with expiryDate gets deleted once session ends

Hello, I have some weird behavior I'm not sure I understand. So now the backend sends a set-cookie called refreshToken with the login, and it's working just fine as it does what it's meant to do. but the issue is that the cookie is removed every time a session ends. Even though it has an expiry of 3 months and I can see it correctly. What is it that I'm missing? context that might help: The backend is served on a different domain than the frontend.
No description
26 Replies
ἔρως
ἔρως2w ago
what time is the cookie set to? by the way, is it in incognito? oh, that's a session cookie that's normal how are you setting the cookie?
~MARSMAN~
~MARSMAN~OP2w ago
by time you mean the expiryDate? no reguar tab, also same behavior on all browsers
ἔρως
ἔρως2w ago
yes, but i saw it is indeed 3 months into the future
~MARSMAN~
~MARSMAN~OP2w ago
yeah exactly, which is very odd 😅
ἔρως
ἔρως2w ago
not at all you're setting a session cookie the expiration date is more a formality
~MARSMAN~
~MARSMAN~OP2w ago
I'm not sure I follow so the cookie string itself is making it a session cookie?
ἔρως
ἔρως2w ago
no the cookie is a session cookie it's a cookie that's gone when the browser is closed
~MARSMAN~
~MARSMAN~OP2w ago
but what's the point of setting the expiry date?
ἔρως
ἔρως2w ago
you didn't show how you're setting the cookie, so, can't answer that
~MARSMAN~
~MARSMAN~OP2w ago
No description
ἔρως
ἔρως2w ago
which framework are you using?
~MARSMAN~
~MARSMAN~OP2w ago
No description
~MARSMAN~
~MARSMAN~OP2w ago
I'm not the backend developer, but we're using Express.js
~MARSMAN~
~MARSMAN~OP2w ago
https://www.npmjs.com/package/jsonwebtoken
npm
jsonwebtoken
JSON Web Token implementation (symmetric and asymmetric). Latest version: 9.0.2, last published: a year ago. Start using jsonwebtoken in your project by running npm i jsonwebtoken. There are 32277 other projects in the npm registry using jsonwebtoken.
~MARSMAN~
~MARSMAN~OP2w ago
this is the jwt package he is using
ἔρως
ἔρως2w ago
expressjs documentation is absolute ass
~MARSMAN~
~MARSMAN~OP2w ago
No description
~MARSMAN~
~MARSMAN~OP2w ago
decoding the cookie on https://jwt.io/ shows the expiry date correctly
ἔρως
ἔρως2w ago
this is what's important everything else is inconsequential
~MARSMAN~
~MARSMAN~OP2w ago
ok, do you have any idea what's wrong in that part?
ἔρως
ἔρως2w ago
https://expressjs.com/en/5x/api.html#res.cookie
Express 5.x - API Reference
Access the API reference for Express.js 5.x, detailing all modules, methods, and properties for building web applications with this latest version.
ἔρως
ἔρως2w ago
this should let you pick if it is or isnt a session cookie AHA!!!! i found the problem
ἔρως
ἔρως2w ago
No description
ἔρως
ἔρως2w ago
it's possible that by using maxAge, the session flag isn't removed try using this instead important: by using the date, you need to multiply everything by 1000 because js uses microseconds instead of milliseconds
~MARSMAN~
~MARSMAN~OP2w ago
done, changed it to expires with a Date. now I have opened and closed a couple sessions on different browsers, and it didn't get removed yet 🙉 I will keep testing it, and hope it's fixed now. Thank you!
ἔρως
ἔρως2w ago
you're welcome seems like a bug in express js you can check it by just seeing if it has the session flag set if it doesn't, it's a bug if it does, it's also a bug

Did you find this page helpful?