The timeout depends on the session; you can set it in the Server Connect Settings.
When using Redis the default is 86400 (1 day). Memory store is the default but should not be used in production; we will probably replace this with a better memory store. You can also use different stores and edit it directly in the config.json. When remember is checked, it will set an authorization cookie next to the session; the options, like the duration for this cookie, can be set in the Security Provider options.
Already answered this in point 2. Session timeout is set in Server Connect Settings and the remember me cookie is set using the Security Provider options.
Thank you for the explanation @patrick.
Two follow-up questions:
We modify the lib/setup/config.json file to use database store. There is something called clearInterval there. Is this similar to setting the session TTL as you describe here?
So if remember me is checked, the auth cookie timeout value will take precedence over session timeout value?
Use the cookie.maxAge option to set the timeout. I checked the knex database store and it uses the cookie maxAge as expiration date. The clearInterval is an interval time in which it does a cleanup of the data in the database by deleting all records of expired sessions.
The auth cookie holds the encrypted user credentials. It is used when the session is expired: it will then use the auth cookie to automatically log the user in again.
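The interaction described in the answer above, as an added example that is not part of the original posts and is not Wappler's or the knex store's code: a small in-memory model in which `SessionTable`, `authenticate` and the request shape are hypothetical names, times are in milliseconds, and the auth cookie is a plain object standing in for the encrypted one. It assumes reads check the expiry themselves, so a row that cleanup has not yet deleted is still rejected.

```javascript
// Constructed model of the behaviour described in the answer; all times in ms.
// SessionTable, authenticate and the request shape are hypothetical names.
class SessionTable {
  constructor({ maxAge, clearInterval }) {
    this.maxAge = maxAge;               // plays the role of cookie.maxAge
    this.clearInterval = clearInterval; // how often expired rows are purged
    this.rows = new Map();
    this.lastCleanup = 0;
  }
  create(sid, user, now) {
    this.rows.set(sid, { user, expires: now + this.maxAge });
  }
  // Reads check expiry themselves: cleanup may not have run yet (assumption).
  get(sid, now) {
    const row = this.rows.get(sid);
    return row && row.expires > now ? row : null;
  }
  // Periodic cleanup: deletes expired rows, returns how many were removed.
  cleanup(now) {
    if (now - this.lastCleanup < this.clearInterval) return 0;
    this.lastCleanup = now;
    let removed = 0;
    for (const [sid, row] of this.rows) {
      if (row.expires <= now) { this.rows.delete(sid); removed++; }
    }
    return removed;
  }
}

let nextSid = 0;
// authCookie stands in for the encrypted remember-me cookie (decryption omitted).
function authenticate(table, request, now) {
  const row = table.get(request.sid, now);
  if (row) return { user: row.user, via: 'session', sid: request.sid };
  const c = request.authCookie;
  if (c && c.expires > now) {
    const sid = `sid-${++nextSid}`;
    table.create(sid, c.user, now); // automatic re-login starts a new session
    return { user: c.user, via: 'auth-cookie', sid };
  }
  return null; // session expired and no valid remember-me cookie
}

const HOUR = 3600 * 1000;
const table = new SessionTable({ maxAge: 1 * HOUR, clearInterval: 6 * HOUR });
table.create('sid-a', 'alice', 0);
table.create('sid-b', 'bob', 0);
const alice = { sid: 'sid-a', authCookie: { user: 'alice', expires: 30 * 24 * HOUR } };
console.log(authenticate(table, alice, 2 * HOUR));            // re-login via auth cookie
console.log(authenticate(table, { sid: 'sid-b' }, 2 * HOUR)); // null: no remember-me
console.log(table.rows.size, table.cleanup(6 * HOUR), table.rows.size);
```

In this model clearInterval only controls how long expired rows linger in storage, while the lifetime of the auth cookie decides how long a user can come back without entering credentials again.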