Update Expiration Date at every request #47
-
|
Is there a way to update the expiration date (of both the cookie and the server-managed session) at every request? Something along the line what is described there: https://stackoverflow.com/questions/35106336/sessions-should-a-session-cookie-be-refreshed-for-each-request I like "By sending it every time, the app ensures that the session expires two hours after their last page hit.". But is this even desirable security-wise? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 13 replies
-
|
It's technically possible to do this manually with |
Beta Was this translation helpful? Give feedback.
-
|
You're right and, to be honest, modifying Now there's the |
Beta Was this translation helpful? Give feedback.
-
|
That sounds like a more reasonable approach. |
Beta Was this translation helpful? Give feedback.
-
|
And that's what you've actually suggested in the code. 😉 If you're fine with the current approach, I will proceed with tests and making a PR. |
Beta Was this translation helpful? Give feedback.
-
|
Sounds good. Happy to review a PR. |
Beta Was this translation helpful? Give feedback.
-
|
For anyone interested: related option has been released with version |
Beta Was this translation helpful? Give feedback.
It's technically possible to do this manually with
set_expiration_time. You could automate this with a custom extractor, for example and then use it as a middleware. That said, we could also support this more directly through additional configuration options. From a security perspective, it's dependent on your use case.