How does login timeout work in NodeJS?

We need to setup timeout for a NodeJS Wappler secure login, so here are a few questions around it.

  1. Does timeout function works differently when using Docker or some other type of deployment?
  2. What is the default timeout value when remember is NOT checked VS when it is checked?
  3. Can I configure timeouts separately for both remeber & not-remember cases & how?


  1. The timeout depends on the session, you can set it in the Server Connect Settings.


  1. When using redis the default is 86400 (1 day), memory store is the default but should not be used in production, we will probably replace this with a better memory store. You can also use different stores and edit it directly in the config.json. When the remember is checked then it will set next to the session an authorization cookie, the options like duration for this cookie can be set in the Security Provider options.

  2. Already answered this in point 2. Session timeout is set in Server Connect Settings and the remember me cookie is set using the Security Provider options.

Thank you for the explanation @patrick .
Two followup questions:

We modify the lib/setup/config.json file to use database store. There is something called clearInterval there. This is similar to setting session TTL as you describe here?

So if remember me is checked, the auth cookie timeout value will take precedence over session timeout value?

Use the cookie.maxAge option to set the timeout. I checked the knex database store and it uses the cookie maxAge as expiration date. The clearInterval is an interval time in which is does a cleanup of the data in the database by deleting all records of expired sessions.

The auth cookie holds the encrypted user credentials, it is used when the session is expired, it will then use the auth cookie to automatically login the user again.

1 Like