Remember me functionality and session expiration #3794
-
Question 💬Hello, i am implementing credential provider in my project as login functionality with next auth. i did not faced any issues in implementing this, how ever i need to implement the remember me functionality in this as well and so far i am not able to find a solution for this/ any one can help of tell me if i am missing any thing here? also i would like to know how to destroy a session on browser close Thanks How to reproduce ☕️My [...nextauth].js file is
Contributing 🙌🏽No, I am afraid I cannot help regarding this |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 16 replies
-
There is no easy way to destroy a session on browser close, as browsers like Chrome use cookie restoration, and even a Session cookie will be persisted when closing the window. As for "remember me", I don't have a good answer from the top of my head. What do you mean exactly? NextAuth.js sessions are rotating, meaning if the user is interacting with the site, the session won't expire. |
Beta Was this translation helpful? Give feedback.
-
Guys, I want to present a solution with a dynamic maxAge value for the next-auth session from an external backend API. It works for me as I expected. Please try and leave a comment if you still have an issue. FILE: lib/authOptions.ts
FILE: app/api/auth/[...nextauth]/route.ts
|
Beta Was this translation helpful? Give feedback.
-
For anyone use the app router, here is the solution: import NextAuth, { AuthOptions, NextAuthConfig } from "next-auth";
import GoogleProvider from "next-auth/providers/google";
import { NextApiHandler } from "next";
import { cookies } from 'next/headers'
import CredentialsProvider from "next-auth/providers/credentials";
import { authConfig } from "@/app/config/auth.config";
import { NextResponse, NextRequest } from 'next/server'
export const authOptions: AuthOptions = {
secret: process.env.NEXTAUTH_SECRET,
};
const handler = NextAuth({ ...authConfig, ...authOptions });
export async function GET(req: NextRequest) {
const cookieStore = cookies();
let maxAge = 15 * 60;
const sevenDays = 7 * 24 * 60 * 60;
const oneDay = 24 * 60 * 60
if (cookieStore.get("stay-token")) {
maxAge = cookieStore.get("stay-token")?.value == "1" ? sevenDays :oneDay;
}
const handler = NextAuth({ ...authConfig, ...authOptions, ...{
session: {
strategy: "jwt",
maxAge
},
}});
const { GET } = handler.handlers
// @ts-ignore
return await GET(req)
}
export async function POST(req: NextRequest) {
const cookieStore = cookies();
let maxAge = 15 * 60;
const sevenDays = 7 * 24 * 60 * 60;
const oneDay = 24 * 60 * 60
if (cookieStore.get("stay-token")) {
maxAge = cookieStore.get("stay-token")?.value == "1" ? sevenDays :oneDay;
}
const handler = NextAuth({ ...authConfig, ...authOptions, ...{
session: {
strategy: "jwt",
maxAge
},
}});
const { POST } = handler.handlers
// @ts-ignore Ignore due to error from tsc, but the type should be correct
return await POST(req)
}
|
Beta Was this translation helpful? Give feedback.
There is no easy way to destroy a session on browser close, as browsers like Chrome use cookie restoration, and even a Session cookie will be persisted when closing the window. As for "remember me", I don't have a good answer from the top of my head. What do you mean exactly?
NextAuth.js sessions are rotating, meaning if the user is interacting with the site, the session won't expire.