feat: Integrate MongoDB session store for improved session management

2026-02-04 15:46:36 +07:00
parent 6dcfd19432
commit 12e7edc9a7
2 changed files with 14 additions and 3 deletions
--- a/server.js
+++ b/server.js
@@ -3,6 +3,7 @@ const dotenv = require("dotenv");
 const path = require("path");
 const cookieParser = require("cookie-parser");
 const session = require("express-session");
+const MongoStore = require("connect-mongo");
 const flash = require("connect-flash");
 const expressLayouts = require("express-ejs-layouts");
 const fs = require("fs");
@@ -58,13 +59,22 @@ app.use(
  express.static(path.join(__dirname, "public")),
 );

-// Session configuration
+// Session configuration (using MongoDB store to avoid logout khi server restart)
 app.use(
  session({
    secret: process.env.SESSION_SECRET || "secret",
-    resave: true,
+    resave: false,
    saveUninitialized: false,
-    cookie: { maxAge: 1000 * 60 * 60 * 24 }, // 24 hours
+    store: MongoStore.create({
+      mongoUrl: process.env.MONGODB_URI,
+      collectionName: "sessions",
+      ttl: 60 * 60 * 24, // 24 hours (in seconds)
+    }),
+    cookie: {
+      maxAge: 1000 * 60 * 60 * 24, // 24 hours
+      httpOnly: true,
+      sameSite: "lax",
+    },
  }),
 );