Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session never validate as fresh - session.fresh: false #1681

Closed
zacharybenson opened this issue Aug 30, 2024 · 4 comments
Closed

Session never validate as fresh - session.fresh: false #1681

zacharybenson opened this issue Aug 30, 2024 · 4 comments

Comments

@zacharybenson
Copy link

Sessions are always marked as stale (fresh: false), even if they were just created. This is happening despite the current date/time being before both the expires_at date/time (set to 30 days) and the halfway point (15 days).

Context:

Troubleshooting Steps:

  1. I validated that sessions are being created in the MongoDB database (they're there).
  2. I recreated the validateSession method and called it directly, but I got the same result as when calling through lucia.validateSession.

It seems like this section of the validateSession method always evaluates to false:

// lucia/packages/lucia/src/core.ts (line 135)
const activePeriodExpirationDate = new Date(
databaseSession.expiresAt.getTime() - this.sessionExpiresIn.milliseconds() / 2
}
// lucia/packages/lucia/src/core.ts (line 145)

if (!isWithinExpirationDate(activePeriodExpirationDate)) {
    session.fresh = true;
    session.expiresAt = createDate(this.sessionExpiresIn);
    await this.adapter.updateSessionExpiration(databaseSession.id, session.expiresAt);
}

I dug deeper and looked at the isWithinExpirationDate method from
Olso , which simply calls:

// olso/src/index.ts (line 40)
export function isWithinExpirationDate(date: Date): boolean {
    return Date.now() < date.getTime();
}

I believe that the issue it the "!" condition being applied at line 145 - as it causes a fresh session to switched to be evaluated as false and in turn making the session return (fresh: false).

lucia/packages/lucia/src/core.ts

Line 145 in cfe8251

if (!isWithinExpirationDate(activePeriodExpirationDate)) {

Was that the intended outcome and I have the wrong understanding of what fresh means?

Thank you for your help!
This was referenced Aug 30, 2024
Closed
Open
@zacharybenson
Copy link
Author

Related issue: #1668

@CodeImm
Copy link

CodeImm commented Sep 1, 2024
edited
Loading

Note whether you are using _id or id: existingUser._id and existingUser.id are different things. When creating a user in the database, don't generate the _id yourself. (Just my opinion) Everything is working for me.

@weeksie
Copy link

weeksie commented Oct 6, 2024

@zacharybenson I was a bit confused by this one, but "fresh" just means that you want to update the session cookie, if you get a session back it's valid, even if fresh is false.

@pilcrowonpaper
Copy link
Member

fresh is true when it's before the expiration but after the halfway point

@pilcrowonpaper pilcrowonpaper closed this as not planned Won't fix, can't repro, duplicate, stale Oct 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@weeksie @CodeImm @zacharybenson @pilcrowonpaper