docs: add documentation regarding dynamic cookie.maxAge & ttl (#141)

koajs · Jan 10, 2022 · a5e72b3 · a5e72b3
1 parent 805dc47
commit a5e72b3
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -96,7 +96,7 @@ app.listen(8080);
 
  * `key`: cookie name defaulting to `koa.sid`.
  * `prefix`: session prefix for store, defaulting to `koa:sess:`.
- * `ttl`: ttl is for sessionStore's expiration time. it is different with `cookie.maxAge`, default to null(means get ttl from `cookie.maxAge`).
+ * `ttl`: ttl is for sessionStore's expiration time (not to be confused with cookie expiration which is controlled by `cookie.maxAge`), can be a number or a function that returns a number (for dynamic TTL), default to null (means get ttl from `cookie.maxAge` or `cookie.expires`).
  * `rolling`: rolling session, always reset the cookie and sessions, defaults to `false`.
  * `genSid`: default sid was generated by [uid2](https://github.com/coreh/uid2), you can pass a function to replace it (supports promises/async functions).
  * `defer`: defers get session, only generate a session when you use it through `var session = yield this.session;`, defaults to `false`.
@@ -125,6 +125,19 @@ app.listen(8080);
     Notice that `ttl` is different from `cookie.maxAge`, `ttl` set the expire time of sessionStore. So if you set `cookie.maxAge = null`, and `ttl=ms('1d')`, the session will expired after one day, but the cookie will destroy when the user closes the browser.
     And mostly you can just ignore `options.ttl`, `koa-generic-session` will parse `cookie.maxAge` as the tll.
 
+    If your application requires dynamic expiration, control `cookie.maxAge` using `ctx.session.cookie.maxAge = dynamicMaxAge`, when you need `ttl` to differ from `cookie.maxAge` (a common example is browser-session cookies having `cookie.maxAge = null`, but you want them to not live indefinitely in the store) specify a function for `ttl`:
+
+    ```js
+    {
+      ttl: (session) => {
+        // Expire browser-session cookies from the store after 1 day
+        if (session.cookie?.maxAge === null) {
+          return 1000 * 60 * 60 * 24;
+        }
+      }
+    }
+    ```
+
 ## Hooks
 
 - `valid()`: valid session value before use it