Following session.flash guide causes all routes to log you out about blues-stack HOT 7 CLOSED

I did a bit of debugging, if you remove the maxAge on the initialiser for createCookieStorage, the problem goes away

export const sessionStorage = createCookieSessionStorage({
  cookie: {
    name: "__session",
    httpOnly: true,
   // maxAge: 0,
    path: "/",
    sameSite: "lax",
    secrets: [process.env.SESSION_SECRET],
    secure: process.env.NODE_ENV === "production",
  },
});

from blues-stack.

Hi @tbrasington,

Ah, that maxAge is set to 0 because we set this up so the "Remember Me" checkbox would work. If you don't check it then the session lasts only as long as the browser session (so until they close the tab) and if you check it then we set it to 7 days: https://github.com/tbrasington/remix-flash-test/blob/6dd74dfbba3420d00d3ca3b98e92955b4fcdfb9c/app/session.server.ts#L84

Feel free to change that behavior in your app.

from blues-stack.

Hi @kentcdodds thank you for the clarification. Is it then possible to have functionality like remember me and flash messages use cookie session storage?

from blues-stack.

Yes, the messages will only last as long as the browser session if you use the same session for messages and auth.

You can split them up into two sessions, but it would be weird to have messages survive longer than the session while auth does not.

As for your issue, it doesn't make sense to me that the session expires by setting a new value in it. Even with a maxAge of 0, you should be able to update values in the session (otherwise it's not really a session at all).

from blues-stack.

@ryanflorence so are you saying this is a Remix bug?

from blues-stack.

I had the same issue with a blues stack app when adding a CSFR token (using https://github.com/sergiodxa/remix-utils#csrf).

from blues-stack.

removing / not setting a maxAge makes the cookie a sessionOnly cookie by default and has since been removed #85

from blues-stack.