Some users of my web application have been encountering frequent login issues, ranging from every few hours to every few days. Interestingly, these problems seem to be specific to Safari users. It appears that Safari is affecting the session cookies and remember-me cookies in a strange way.
These users do not face similar difficulties on other websites, and this issue seems to have arisen only recently, despite no updates being made on my end. I suspect that a Safari update may have altered its behavior, but since I do not have access to Safari for testing, it poses a challenge to troubleshoot.
The server uses Node/Express, with the relevant code as follows:
    app.use(session({ // uses cookie connect.sid
      secret: process.env.SESSION_STORE_SECRET,
      store: mongoStore,
      maxAge: new Date(Date.now() + 3600000),
      resave: false,
      saveUninitialized: false
    }))
    app.use(passport.initialize())
    app.use(passport.session())
    app.use(passport.authenticate('remember-me'))
Upon reviewing the code, I realized that the 'maxAge' parameter might be causing the problem. It seems that Safari may handle 'session' cookies differently than the 'remember-me' system. Other browsers appear to work fine with the latter, hence why the issue went unnoticed by me.
I am considering removing the 'maxAge' line, as the default setting does not include one and seems to function properly.
Feel free to visit the site if you want to inspect the cookies and related elements.
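
Added example, not part of the original post and not the site's code: one way to check cookie lifetimes without access to Safari is to audit the `Set-Cookie` header values the server sends and classify each cookie as session, persistent or already expired. The function names and the sample headers (including the `remember_me` cookie name) are constructed for illustration, and the missing-flag check goes slightly beyond the lifetime question raised above.

```javascript
// Added example: audits Set-Cookie header values for lifetime and security flags.
// The sample headers are constructed, not captured from the site in the post.

// Parse one Set-Cookie value into { name, value, attrs } (attribute names lower-cased).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const item of rest) {
    if (!item) continue;
    const i = item.indexOf('=');
    const key = (i === -1 ? item : item.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : item.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Classify the lifetime as a browser would at time `nowMs`.
// Max-Age takes precedence over Expires (RFC 6265, section 5.3).
function auditCookie(header, nowMs) {
  const { name, attrs } = parseSetCookie(header);
  let kind = 'session'; // no Max-Age/Expires: dropped when the browser session ends
  let remainingMs = null;
  if (typeof attrs['max-age'] === 'string' && /^-?\d+$/.test(attrs['max-age'])) {
    remainingMs = Number(attrs['max-age']) * 1000;
  } else if (typeof attrs.expires === 'string' && !Number.isNaN(Date.parse(attrs.expires))) {
    remainingMs = Date.parse(attrs.expires) - nowMs;
  }
  if (remainingMs !== null) kind = remainingMs > 0 ? 'persistent' : 'expired';
  const missing = ['httponly', 'secure', 'samesite'].filter((k) => !(k in attrs));
  return { name, kind, remainingMs, missing };
}

const NOW = Date.UTC(2024, 0, 1, 12, 0, 0); // fixed clock so the result is reproducible
const SAMPLE_HEADERS = [ // constructed sample input
  'connect.sid=s%3Aabc.def; Path=/; HttpOnly',
  'remember_me=tok123; Max-Age=604800; Path=/; HttpOnly; Secure; SameSite=Lax',
  'connect.sid=s%3Aabc.def; Path=/; Expires=Mon, 01 Jan 2024 11:00:00 GMT; HttpOnly',
];

function auditAll(headers, nowMs) {
  return headers.map((h) => auditCookie(h, nowMs));
}

console.log(auditAll(SAMPLE_HEADERS, NOW));
```

To run it against a real server, replace `SAMPLE_HEADERS` with the `Set-Cookie` values from a login response and pass `Date.now()` as the clock.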