-
-
Notifications
You must be signed in to change notification settings - Fork 485
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature Request]: Customizable session.fresh / active period expiration #1630
Comments
To put it simply, you want a session with no expiration date. |
I'm not planning to implement this now or in current version, especially if we go with #1639. You're probably better off implementing your own session management |
What is the connection between user-defined adapters and this issue? Sorry if it's obvious, I'm just getting familiar with this library and trying to make sure I have a good understanding. Even in the current V4, Lucia's If the plan is to keep this logic within Lucia, I agree that a config could be useful to give control to the dev. For example, a |
Not quite - I want a session that expires if the user does not visit at any point in time before the expiry datetime
Fair. We might try to just build our own little "session refresh" logic for this and use Lucia otherwise. Will update here with result if we do that. |
I'm not talking about adapters here; rather I think you'd be better off ditching Lucia completely and implementing sessions from scratch |
Seems drastic - would prefer to just configure refresh behavior. Loving Lucia otherwise. |
To be honest, I just don't like callbacks. import { SessionState } from "lucia";
const lucia = new Lucia(adapter, {
checkSession: (session) => {
if (Date.now() >= session.expiresAt.getTime()) {
return SessionState.Invalid;
}
return SessionState.UpdateExpiration;
},
}) You probably can update the expiration when retrieving the session too. UPDATE session SET expires_at = expires_at + 2592000 RETURNING *; |
I guess I wasn't thinking of the API as a callback. I like the direction that @jshear hinted at above - something declarative like: const lucia = new Lucia(adapter, {
sessionExpiresIn: new TimeSpan(30, 'd'),
refreshSessionAfter: new TimeSpan(1, 'd'),
} You could continue to default (happy to try my hand at a PR for this - if you agree with the direction) |
Package
lucia
Description
Currently the session is refreshed if the user is active within the second half of their expiry period:
https://github.com/lucia-auth/lucia/blob/1210baf16a1754f8a3deba962f1be94dd047072e/packages/lucia/src/core.ts#L135C9-L135C35
It would be great if this could be customized.
E.g. for our use case I would love to customize this behavior to "refresh the session on every visit" instead of "only refresh the session if user happens visit in second half of their expiry period"
The text was updated successfully, but these errors were encountered: