The problem here is that new Date().getTime() or Date.now() gives the current date and time, so every time this method is applied it adds the session's expiry time to it. Hence the session never expires at the desired time.
Example:
login time : 10am
Post login interaction 1:
date.now = 10am
expiry set to 10am + 10 mins = 10:10am
Post login interaction 2:
date.now = 10:05 am
expiry set to 10:05 am + 10 mins = 10:15am
and so on.
Expectation:
Post login interaction 1:
login at = 10am
expiry set to 10am + 10 mins = 10:10am
Post login interaction 2:
login at = 10:00 am
expiry set to 10am + 10 mins = 10:10am
Session expires when it's 10:10am
Is there a way to get event.session.created_at or something similar for this use case? We don't have the Enterprise version.
The code snippet provided above works as intended, as after any successful login the user’s session gets extended.
However, your desired use case to enforce an absolute, non-rolling expiry session should be achievable by customizing a Post-Login Action and setting a flag in the user's app_metadata to persistently store the original login time, reference it on subsequent logins and create the logic around it. Only update it in future actions if the current time has passed the app_metadata's flag + the set session time. So this way, if a user logs in during this interval, you'll not update their session expiry flag.
I have attached below an action's code example that should be considered for understanding the logic within the action:
```javascript
exports.onExecutePostLogin = async (event, api) => {
  const CURRENT_LOGIN_TIME_MS = Date.now(); // e.g., 10:05 AM
  // In an Action the user profile is read from event.user.
  const PERSISTED_START_TIME_MS = event.user.app_metadata.fixed_session_start_time || 0; // e.g., 10:00 AM
  const FIXED_DURATION_MS = 10 * 60 * 1000; // 10 minutes

  // 1. Calculate the end time of the previous fixed window.
  const PREVIOUS_WINDOW_EXPIRY_MS = PERSISTED_START_TIME_MS + FIXED_DURATION_MS; // e.g., 10:10 AM

  let sessionBaseTime;
  let shouldUpdateMetadata;

  // 2. Decide if we start a new session window or reuse the old one.
  if (CURRENT_LOGIN_TIME_MS >= PREVIOUS_WINDOW_EXPIRY_MS) {
    // Condition 1: Fixed session has expired, or this is the first login.
    // START NEW WINDOW from the current login time.
    sessionBaseTime = CURRENT_LOGIN_TIME_MS; // e.g., 10:11 AM
    shouldUpdateMetadata = true;
  } else {
    // Condition 2: Fixed session is still active.
    // REUSE OLD WINDOW's start time.
    sessionBaseTime = PERSISTED_START_TIME_MS; // e.g., 10:00 AM
    shouldUpdateMetadata = false;
  }

  // 3. Calculate the final, non-rolling expiry.
  const FINAL_ABSOLUTE_EXPIRY_MS = sessionBaseTime + FIXED_DURATION_MS; // e.g., 10:10 AM

  // 4. Output (Actions/API calls)
  if (shouldUpdateMetadata) {
    // Persist the new base time for the next login check.
    api.user.setAppMetadata('fixed_session_start_time', sessionBaseTime);
  }

  // Set the session expiry (epoch milliseconds) based on the fixed, non-rolling calculation.
  api.session.setExpiresAt(FINAL_ABSOLUTE_EXPIRY_MS);
};
```
Thank you and please let me know if this better helps your use case!
Best regards,
Remus
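
The fixed-window logic from the reply above, replayed offline against the 10:00 / 10:05 timeline from the question and compared with the rolling behaviour. This is an added example, not part of the original posts and not Auth0 code: `rollingExpiry`, `fixedExpiry` and `simulate` are hypothetical helper names, the dates are constructed, and the check that a stored start time is not in the future is an assumption added here.

```javascript
// Added example: offline simulation. All times are epoch milliseconds.
const FIXED_DURATION_MS = 10 * 60 * 1000; // 10 minutes, as in the thread

// Rolling behaviour from the question: every login pushes the expiry forward.
function rollingExpiry(nowMs) {
  return nowMs + FIXED_DURATION_MS;
}

// Fixed-window behaviour from the reply. `appMetadata` stands in for
// event.user.app_metadata; the return value carries the expiry and the
// metadata that api.user.setAppMetadata would persist.
function fixedExpiry(nowMs, appMetadata = {}) {
  const start = Number(appMetadata.fixed_session_start_time) || 0;
  // Assumption: a stored start in the future (bad clock, bad data) is ignored
  // so it can never stretch the session beyond one window from now.
  const windowOpen = start > 0 && nowMs >= start && nowMs < start + FIXED_DURATION_MS;
  const base = windowOpen ? start : nowMs;
  return {
    expiresAtMs: base + FIXED_DURATION_MS,
    appMetadata: windowOpen
      ? appMetadata
      : { ...appMetadata, fixed_session_start_time: base },
  };
}

// Replay a list of login times through both strategies.
function simulate(loginTimesMs) {
  let meta = {};
  return loginTimesMs.map((t) => {
    const fixed = fixedExpiry(t, meta);
    meta = fixed.appMetadata;
    return { loginMs: t, rollingMs: rollingExpiry(t), fixedMs: fixed.expiresAtMs };
  });
}

// Constructed sample timeline on an arbitrary date.
const at = (hhmm) => Date.parse(`2024-01-01T${hhmm}:00Z`);
const fmt = (ms) => new Date(ms).toISOString().slice(11, 16);
for (const row of simulate([at("10:00"), at("10:05"), at("10:09"), at("10:11")])) {
  console.log(`login ${fmt(row.loginMs)}  rolling ${fmt(row.rollingMs)}  fixed ${fmt(row.fixedMs)}`);
}
```
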