Session length expiration

Session length expiration doesn’t trigger the real-time event “users.[userId].sessions.[sessionId].delete”

I’m trying to have a user be automatically redirected to the login screen if their session times out but when the time limit defined in the console has passed, I don’t receive a realtime event on the account channel for the session delete event. Also the session still shows under the user sessions tab on the console. However if I try to make a request that requires a valid session after the expiry time has passed, I get the unauthorized Role(guests) exception.

Appwrite version: 1.4.5 Self hosted Flutter SDK: 11.0.0

TL;DR

The user is experiencing issues with session length expiration in the Appwrite platform. They note that when sessions expire, access to most events in the realtime API, including user delete, is lost. They mention that the session expiration does not trigger a session delete event in the realtime API, causing difficulties in handling session expiration client-side. The user also points out that the note under the session length setting is misleading. They are seeking guidance on how to automatically redirect a user to the login screen when their session times out. The user is using Appwrite version 1.4.5 and Flutter SDK 11.0.0.

@ThatGuySam This is expected, actually. Appwrite sessions last for a while, so I'm wondering why you'd be dealing with expired sessions? Did you manually tweak the session expiration times?

Expiration doesn't count as session delete in this case 🙂

I adjusted the console’s “Auth->Security->Session length” to limit user sessions to 24 hrs but for testing I lowered this to 2 mins Strange…the note under the setting says users who are logged in will be logged out automatically. If this doesn’t fire a session delete event, how is one to handle/detect this expiration client side?

Generally, with conditional routing, you'd check for valid sessions with a Account.get()

Not sure with Flutter, but for web, would be like a pre-render hook in the life cycle

Understood but that won’t work in a case where one wants to have the application automatically log a user out on session expiration because I can’t subscribe to a realtime event that is triggered by the expiration.

@VincentGe & @Steven if this doesn’t trigger a session delete event on the realtime API then what was the intended use cases for this feature? Also if that’s the case then the text description under setting should be updated as it implies some form of realtime functionality 🤷🏽‍♂️

This isn't really how you implement this feature 👀

So for banking apps, they check the expiration time of the session.

For most apps you run Account.get() on a page switch, in a pre-render life cycle hook.

If it's "expired" you're redirected to the log in page. You don't need to log out, the session already expired

I mean, realtime API required permissions to see the event. Once your session expires, you lose access to most events in the realtime API, including user delete. Otherwise any unauthenticated users can see your user expiring

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support