Express.js + Passport.js + no-ip.org issue: dynamic ip server user authentication keeps getting reset

Question

Express.js + Passport.js + no-ip.org issue: dynamic ip server user authentication keeps getting reset

I've tried searching far and wide for a solution to this. The app works properly when run as localhost keeping users authenticated for an extended period. But when I run it on my server and log in it's like the connection gets reset after a short while and I am forced to log in again.

My app (has more dependencies but I guess these are of most relevance):

ExpressJS ver. 3.0.0rc4
PassportJS ver. 0.1.15

My Server:

Runs the app using forever.js
Has to reconnect to the network it's on using VPN.
To provide a stable entrypoint I use noip.com which through a client installed on the computer is able to make sure that my free domain always points to my server's ip.

Most likely the issue has something to do with no-ip.org and the dynamic ip. Any ideas?

Pasting the app config code as well:

app.configure ->
  app.set "port", process.env.PORT or 8080
  app.set "views", __dirname + "/views"
  app.set "view engine", "jade"
  app.locals.compileDebug = false #Made jade a little more compact
  app.use express.favicon()
  # app.use express.logger("tiny")
  app.use express.logger("dev")
  app.use express.bodyParser()
  app.use express.methodOverride()
  app.use express.cookieParser("awesome unicorns")
  app.use express.session(
    secret: "awesome unicorns"
    cookie:
      maxAge: 2592000000
  )
  app.use flash()
  app.use passport.initialize()
  app.use passport.session()
  app.use app.router
  app.use express.static(path.join(__dirname, "public"))

Update:

I updated the code as adviced by commenter RobertKlep, and revisited my page. This time I compared the session cookie when running the app as localhost versus on the server. The localhost And the server's cookie was not being correctly set. The problem might be related to this discussion.

Second update plus final solution

Problem solved! Turns out I had hidden node processes running which prevented the app from being properly updated. Furthermore since the server was listening on port 80, a conflict was raised because I had not configured socket.io to listen to a different port using app.listen(81);

node.js
express
session-cookies
session-timeout
passport.js

Answer 1

This looks wrong:

app.use express.session(
  secret: "awesome unicorns"
  maxAge:
    expires: new Date(Date.now() + 3600000)
)

maxAge isn't an argument for express.session, I think you meant cookie there:

app.use express.session(
  secret : ...
  cookie :
    expires : new Date(Date.now() + 3600000)
)

Also, if used like that, the expiry date is evaluated just once: at the startup of your application. So after an hour of running the application, any new sessions will expire immediately.

Use maxAge instead, which sets the expiry relative to the moment of creating the session:

app.use express.session(
  secret : ...
  cookie :
    maxAge : 3600000
)