What is the purpose of max_age propertie in cookie component ? #498

anayrat · 2024-07-12T12:47:34Z

anayrat
Jul 12, 2024

Hello,
I implement authentication with :

-- The authentication component will stop the execution of the page and redirect the user to the login page if
-- the password is incorrect or if the user does not exist. 
SELECT 'authentication' AS component,
    'signin.sql?error' AS link,
    (SELECT password_hash FROM user_info WHERE username = :username) AS password_hash,
    :password AS password;
    
-- Generate a random 32 characters session ID, insert it into the database,
-- and save it in a cookie on the user's browser.
INSERT INTO login_session (id, username)
VALUES (sqlpage.random_string(32), :username)
RETURNING 
    'cookie' AS component,
    'session' AS name,
    id AS value,
    3600::int AS max_age, -- expire after one hour
    FALSE AS secure; -- You can remove this if the site is served over HTTPS.

-- Redirect the user to the protected page.
SELECT 'redirect' AS component, 'admin.sql' AS link;

But I can see my user is still logged after one hour.

I've seen in the example we can check session age with :

https://github.com/lovasoa/SQLpage/blob/9c47ec94cc909029853391a5c5d7b297530a18ef/examples/CRUD%20-%20Authentication/www/login.sql#L3-L8

I will change according to this example, but I wonder why max_age seems ignored ?
Thanks

lovasoa · 2024-07-12T19:27:28Z

lovasoa
Jul 12, 2024
Maintainer

can you check the created cookie in your browser's developer tools? Do you see the max-age property, and the browser still doesn't respect it?

6 replies

lovasoa Jul 12, 2024
Maintainer

I don't understand this. Can you paste the http header and a screenshot from your browser developer tools storage panel with the cookie?

anayrat Jul 12, 2024
Author

Here are response header :

HTTP/1.1 302 Found
content-length: 0
set-cookie: session=stFQ86rHXM3WaR6NLzw3N17pEYVx5Cae; HttpOnly; SameSite=Strict; Path=/
location: admin.sql
content-security-policy: script-src 'self' https://cdn.jsdelivr.net
content-type: text/html; charset=utf-8
server: sqlpage v0.24.0
date: Fri, 12 Jul 2024 19:53:46 GMT

lovasoa Jul 12, 2024
Maintainer

That's a bug ! Thanks for reporting it !

I opened #501 to track this

lovasoa Jul 12, 2024
Maintainer

In the meantime, you can use exprires, which should work as expected.

lovasoa Jul 12, 2024
Maintainer

Just fixed the issue. This will be in 0.25.

The builds are being deployed to docker hub.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

What is the purpose of max_age propertie in cookie component ? #498

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 6 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

What is the purpose of max_age propertie in cookie component ? #498

Uh oh!

anayrat Jul 12, 2024

Replies: 1 comment · 6 replies

Uh oh!

lovasoa Jul 12, 2024 Maintainer

Uh oh!

lovasoa Jul 12, 2024 Maintainer

Uh oh!

anayrat Jul 12, 2024 Author

Uh oh!

lovasoa Jul 12, 2024 Maintainer

Uh oh!

lovasoa Jul 12, 2024 Maintainer

Uh oh!

lovasoa Jul 12, 2024 Maintainer

anayrat
Jul 12, 2024

Replies: 1 comment 6 replies

lovasoa
Jul 12, 2024
Maintainer

lovasoa Jul 12, 2024
Maintainer

anayrat Jul 12, 2024
Author

lovasoa Jul 12, 2024
Maintainer

lovasoa Jul 12, 2024
Maintainer

lovasoa Jul 12, 2024
Maintainer