Expired session removal

[Ehesp]

When using session storage, it's possible to provide an expiry date on the cookie:

const { getSession, commitSession, destroySession } =
  createFileSessionStorage({
   dir: "/app/sessions",
    cookie: {
      name: "__session",
      expires: new Date(Date.now() + 60_000),
      ...,
    },
  });

When the getSession method is called, internally Remix reads the file, and if the internally stored expiry time (which is set by using the cookie expiry time). If the session has expired, the session will be removed.

However, if the cookie has expired the browser will no longer send it to the server, therefore the stored session will never be read and thus never removed.

Am I missing something obvious here, or would a session never be removed?

[kiliman]

Yes. You would need an external process that cleans up expired sessions. Remix can only clean up sessions that it tries to access, and if the session expired and the user never visits the site again, Remix wouldn't know to check it. Just run a cron job each night to clean up dead sessions.