When should I require a user to re-login to their account?



  • I am building a service for developers and I am wondering when I should "expire" a session. I obviously don't want my users to have to log in every time they reload the page, but I wouldn't want them to log in only once and have complete access to their account forever either.

    I have decided on "every 24h" and I wanted to see what the community has to say.



  • If you want to expire the user login after a limited, constant time period, then you can use a cookie with an expires value in a Node Express server.

    res.cookie('rememberme', '1', { expires: new Date(Date.now() + (1000 * 60 * 60 * 24)), httpOnly: true });
    

    Otherwise, you can use session storage if you want to log out the user whenever he closes the current browser.
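
An added example, not part of the posts above: a cookie's expiry is only a hint to the browser, so the 24h limit from the question also has to be enforced on the server. This sketch assumes an in-memory store and a 30-minute idle limit; the function names and the idle value are hypothetical, not from the thread.

```javascript
// Added example (not from the thread): server-side session expiry.
const crypto = require('crypto');

const ABSOLUTE_MS = 24 * 60 * 60 * 1000; // the 24h limit from the question
const IDLE_MS = 30 * 60 * 1000;          // assumed idle limit, not from the thread

// sessionId -> { userId, createdAt, lastSeen }; a real service would use a shared store
const sessions = new Map();

function createSession(userId, now = Date.now()) {
  // Random, unguessable identifier instead of a fixed value such as '1'
  const id = crypto.randomBytes(32).toString('hex');
  sessions.set(id, { userId, createdAt: now, lastSeen: now });
  return id;
}

// Returns the userId for a live session, or null when the user must log in again.
function validateSession(id, now = Date.now()) {
  const s = sessions.get(id);
  if (!s) return null; // unknown or forged identifier
  const tooOld = now - s.createdAt >= ABSOLUTE_MS;
  const idle = now - s.lastSeen >= IDLE_MS;
  if (tooOld || idle) {
    sessions.delete(id); // a copied cookie is useless after this point
    return null;
  }
  s.lastSeen = now; // activity extends the idle window, never the absolute one
  return s.userId;
}

// Logout: remove the server-side record, not just the cookie.
function destroySession(id) {
  return sessions.delete(id);
}

// Options for Express's res.cookie(), aligned with the server-side limit.
function cookieOptions(now = Date.now()) {
  return {
    expires: new Date(now + ABSOLUTE_MS),
    httpOnly: true,  // not readable from page scripts
    secure: true,    // sent over HTTPS only
    sameSite: 'lax', // not attached to most cross-site requests
  };
}
```

In an Express handler the identifier would be set with `res.cookie('sid', createSession(userId), cookieOptions())` and checked with `validateSession` on every request.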

