ExpressJS session cookie is not updated

Tag: node.js , session , cookies , express Author: tungming Date: 2014-01-23

I am trying out express.session() middleware. The usage seems to be fairly simple and I quickly implemented what I wanted. Basically I implemented authentication based on session cookies. As a part of this function I implemented checkbox "remember me" which is pretty much a standard for login windows on the web. Here appears to be a problem.

I want the following functionality - when user opens/reloads the page if there is valid session cookie and it matches existing session object on server application, then session.cookie.maxAge on server and cookie expiration on client are reset to the new value (which is now() + x). Therefore making page work like - if user did not come back for e.g. 3 days then he is automatically logged out, but if he comes back within 3 days, then he is logged in and auto-logout counter is reset back to 3 days.

I expected that session.touch() would do it, but it only seems to reset session expiration date on server and doesn't push new cookie to client.

My question - did I miss something or it was intentional implementation?

PS: I could regenerate session each time and that would update cookie. But I concern for overhead of running this code on every request I also could manually push updated cookie, but would prefer to do it within express.session() functionality.

I also found this question which was never answered (except for OP himself): Updating cookie session in express not registering with browser