
Set ttl for hapi-auth-cookie for specific route

I'm trying to create a user login page that has a 'remember me' checkbox. Sounds simple, right?

When the user logs in without the 'remember me' checkbox selected, a default session ttl would be set to 10 seconds (10000 ms). However, if the 'remember me' checkbox is selected, then the ttl would be set to 100000 seconds (100000000 ms).

Skipping all of the authentication of username and password stuff, I've set up this small demo to exemplify my goals. Unfortunately, it seems that the session ttl is ALWAYS 10 seconds, and is never 100000 seconds.

Here's the pastebin for the code below:

var Hapi = require('hapi');
var AuthCookie = require('hapi-auth-cookie');

// Create the hapi server instance for this demo, bound to localhost on port 4000.
var server = new Hapi.Server('localhost', 4000);

// this function is just for my example, I'll use an actual logger later...
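/**
 * Print one console line describing a request: its HTTP method (upper-cased),
 * its path, and whether hapi marked it as authenticated.
 *
 * The listing as published had lost this function's closing brace; it is
 * restored here so the definition parses on its own.
 *
 * @param {object} request - hapi request; reads request.auth.isAuthenticated,
 *   request.method and request.path.
 * @returns {undefined}
 */
function xhrlog(request){
    var authState = request.auth.isAuthenticated ? "Authenticated" : "Not Authenticated";
    var verb = request.method.toUpperCase();

    // NOTE(review): request.path is chosen by the client. If this is replaced
    // by a real logger, confirm that it encodes control characters so a
    // request cannot forge extra log lines.
    console.log(verb+" request to "+request.path+" is "+authState+".");
}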

// this is the handler for the '/' route. You should start at this route first (it represents the login page)
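/**
 * Handler for the '/' route, which stands in for the login page.
 *
 * Replies with a fixed HTML snippet: a button whose click handler navigates
 * the browser to './newLocation'. The markup is a constant string and nothing
 * from the request is interpolated into it.
 *
 * The listing as published had lost this function's closing brace; it is
 * restored here so the definition parses on its own.
 *
 * @param {object} request - hapi request (not read by this handler).
 * @param {function} reply - hapi reply interface, called once with the HTML.
 * @returns {undefined}
 */
function firstLoad(request, reply){
    var page = "<p style='color:blue'>click the button to test.</p><input type='button' id='foo' value='click me'></input><script>document.getElementById('foo').addEventListener('click', function(){ window.location = './newLocation'});</script> ";
    reply(page);
}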

// this is the page that i would expect to have created a session cookie with a ttl of 100000. But it doesnt.
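/**
 * Handler for the '/newLocation' route, the page the author expects to carry
 * the long 'remember me' session ttl.
 *
 * Replies with a fixed HTML paragraph; nothing from the request is read.
 *
 * NOTE(review): this handler does not look at request.auth.isAuthenticated,
 * and the route that uses it is configured with auth mode 'try'. Confirm
 * whether unauthenticated requests can reach it, and check the auth state
 * here before returning anything that is meant to be protected.
 *
 * The listing as published had lost this function's closing brace; it is
 * restored here so the definition parses on its own.
 *
 * @param {object} request - hapi request (not read by this handler).
 * @param {function} reply - hapi reply interface, called once with the HTML.
 * @returns {undefined}
 */
function authorized(request,reply){
    var page = "<p style='width: 300px;'>This is the authorized page. I would expect this page to have a session timeout of 100000 seconds. But it doesnt, it only has 10 seconds. Keep refreshing to see if you are still alive!</p>";
    reply(page);
}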

// set up the unauthenticated route here. this is the "login" page.
// NOTE(review): the enclosing route registration call, its method/path
// entries and the closing braces are not present in this listing; presumably
// they were lost when the page was extracted.
// The config shown names only a handler and no `auth` entry, which matches
// the comment above calling this the unauthenticated (login) route.
config: {
handler: firstLoad

// Register the hapi-auth-cookie plugin, then define the 'session' strategy and
// the '/newLocation' route that uses it.
// NOTE(review): several lines of this listing are missing (the closing braces,
// the route registration call around the second object, and whatever starts
// the server); presumably they were lost in extraction. `err` is not
// inspected in the lines shown, so a failed registration would go unnoticed.
server.pack.register(AuthCookie, function(err){

// set up strategy for the session cookie. It defaults to 10000 ms
server.auth.strategy('session', 'cookie', {
// `password` is the secret hapi-auth-cookie uses to protect the cookie
// contents. A short, guessable, hard-coded value such as this one means the
// session cookie cannot be trusted; outside a demo, load a long random secret
// from configuration and keep it out of source control.
password: 'secret',
// `cookie` is the name of the session cookie sent to the browser.
cookie: 'iDontKnowWhatThisIsFor',
// Where unauthenticated requests are sent.
// NOTE(review): how this interacts with auth mode 'try' on the route below
// differs between plugin versions; verify against the installed version.
redirectTo: '/',
// isSecure: false lets the browser send the session cookie over plain HTTP.
// That is what makes the demo work on http://localhost, but over a network it
// exposes the cookie to anyone who can observe the traffic; set it to true
// wherever the site is served over TLS.
isSecure: false,
// Default cookie lifetime in milliseconds (10 seconds).
ttl: 10000

// set up the route for the 'remember me' page. It should have a ttl of 100000000 ms.
method: 'GET',
path: '/newLocation',
config: {
handler: authorized,
auth: {
// mode 'try' attempts authentication rather than requiring it.
// NOTE(review): the handler never checks request.auth.isAuthenticated, so
// confirm what an unauthenticated visitor actually receives from this route.
mode: 'try',
strategy: 'session'
// Per-route attempt to raise the ttl to 100000000 ms. The author reports that
// it has no effect and the session still expires after 10 seconds.
// NOTE(review): nothing in the lines shown creates a session for the request,
// so it is unclear from this listing which cookie the ttl would apply to.
plugins: { 'hapi-auth-cookie' : { ttl: 100000000 }}


You can set a different ttl value on the reply interface. A ttl passed there overrides the session cookie's default ttl:

// Send the response and set the cookie named "session" with an explicit ttl
// that replaces the default for this response only.
// NOTE(review): the first argument is the cookie name. To affect the auth
// cookie it presumably has to match the strategy's `cookie` option, which the
// question sets to 'iDontKnowWhatThisIsFor' rather than "session".
// The ttl below works out to 365 * 30 * 7 = 76650 days (about 210 years), so
// the browser keeps presenting the cookie indefinitely. For a 'remember me'
// feature choose a bounded lifetime, serve the cookie only over TLS, and keep
// a server-side way to invalidate a session that has been stolen.
reply("test").state(
    "session",
    session,
    { ttl: 365 * 30 * 7 * 24 * 60 * 60 * 1000 }
);