Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

Session length expiration

  • 0
  • Flutter
  • Realtime
  • Accounts
View on Discord
ThatGuySam
20 Oct, 2023, 13:47

Session length expiration doesn’t trigger the real-time event “users.[userId].sessions.[sessionId].delete”

I’m trying to have a user be automatically redirected to the login screen if their session times out but when the time limit defined in the console has passed, I don’t receive a realtime event on the account channel for the session delete event. Also the session still shows under the user sessions tab on the console. However if I try to make a request that requires a valid session after the expiry time has passed, I get the unauthorized Role(guests) exception.

Appwrite version: 1.4.5 Self hosted Flutter SDK: 11.0.0

TL;DR
The user is experiencing issues with session length expiration in the Appwrite platform. They note that when sessions expire, access to most events in the realtime API, including user delete, is lost. They mention that the session expiration does not trigger a session delete event in the realtime API, causing difficulties in handling session expiration client-side. The user also points out that the note under the session length setting is misleading. They are seeking guidance on how to automatically redirect a user to the login screen when their session times out. The user is using Appwrite version 1.4.5 and Flutter SDK 11.0.0.
VincentGe
20 Oct, 2023, 14:22

@ThatGuySam This is expected, actually. Appwrite sessions last for a while, so I'm wondering why you'd be dealing with expired sessions? Did you manually tweak the session expiration times?

VincentGe
20 Oct, 2023, 14:23

Expiration doesn't count as session delete in this case 🙂

ThatGuySam
20 Oct, 2023, 14:39

I adjusted the console’s “Auth->Security->Session length” to limit user sessions to 24 hrs but for testing I lowered this to 2 mins Strange…the note under the setting says users who are logged in will be logged out automatically. If this doesn’t fire a session delete event, how is one to handle/detect this expiration client side?

VincentGe
20 Oct, 2023, 18:42

Generally, with conditional routing, you'd check for valid sessions with a Account.get()

VincentGe
20 Oct, 2023, 18:43

Not sure with Flutter, but for web, would be like a pre-render hook in the life cycle

ThatGuySam
23 Oct, 2023, 21:45

Understood but that won’t work in a case where one wants to have the application automatically log a user out on session expiration because I can’t subscribe to a realtime event that is triggered by the expiration.

ThatGuySam
23 Oct, 2023, 21:53

@VincentGe & @Steven if this doesn’t trigger a session delete event on the realtime API then what was the intended use cases for this feature? Also if that’s the case then the text description under setting should be updated as it implies some form of realtime functionality 🤷🏽‍♂️

VincentGe
24 Oct, 2023, 14:13

This isn't really how you implement this feature 👀

VincentGe
24 Oct, 2023, 14:14

So for banking apps, they check the expiration time of the session.

VincentGe
24 Oct, 2023, 14:14

For most apps you run Account.get() on a page switch, in a pre-render life cycle hook.

VincentGe
24 Oct, 2023, 14:15

If it's "expired" you're redirected to the log in page. You don't need to log out, the session already expired

VincentGe
24 Oct, 2023, 14:16

I mean, realtime API required permissions to see the event. Once your session expires, you lose access to most events in the realtime API, including user delete. Otherwise any unauthenticated users can see your user expiring

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more