How can I force the deletion of a session ID cookie with express-session?

Question

I'm using the express-session module to set a session with an expiration age. After this age, the cookie will be deleted when the page is refreshed. However, such as when the user logs out, I would like to forcefully delete the cookie. I have already successfully destroyed the session using req.session.destroy.

I've tried to use:

res.clearCookie('SID').status(200).send('Page');

inside req.session.destroy, although, if I view the cookie details in the browser I see that the content is set to nothing, and the expiration date is set to Thursday, 1 January 1970 at 01:00:00, although the cookie will not delete itself. I also set unset: 'destroy' inside the session store config, but this did not solve my issue.

Middleware:

app.use(session({
  store: new MemoryStore({
    checkPeriod: 86400000
  }),
  cookie: {
    secure: true,
    maxAge: 10000
  },
  secret: secret,
  resave: false,
  saveUninitialized: false,
  name: 'SID',
  unset: 'destroy'
}));

Thanks in advance.

Answer 1

You need to force to set the values of req.session.cookie.expires or req.session.cookie.maxAge.

See this peiece of code as an example,

var timeInMillseconds = 3600000;
req.session.cookie.expires = new Date(Date.now() + timeInMillseconds);
req.session.cookie.maxAge = timeInMillseconds;

Use this middleware for now

app.use(session({
  secret: 'mySecre',
  saveUninitialized: true
}))

app.get('/', function(req, res){
   req.session.myUser = "myUser";
   req.session.cookie.expires = new Date(Date.now() + 36000000);
   req.session.cookie.myDog = "myDog";
   res.status(201).send(req.session); //you can also use 200
   console.log(req.session);
})