A predicate function that decides whether the session expiry should be extended
on a pass-through request (one that does not match an auth route). Return false
to skip the expiry bump for that request. May be synchronous or asynchronous.
Only consulted when rolling is enabled. Only applies to the middleware's passive
session-touch path — writes triggered by token refresh, updateSession, or
authentication flows always proceed regardless of this hook, because the session
data itself changed.
If the hook throws or rejects, the SDK fails open and rolls the session as usual
(a warning is logged).
Default: undefined (the session is always rolled).
A predicate function that decides whether the session expiry should be extended on a pass-through request (one that does not match an auth route). Return
falseto skip the expiry bump for that request. May be synchronous or asynchronous.Only consulted when
rollingis enabled. Only applies to the middleware's passive session-touch path — writes triggered by token refresh,updateSession, or authentication flows always proceed regardless of this hook, because the session data itself changed.If the hook throws or rejects, the SDK fails open and rolls the session as usual (a warning is logged).
Default:
undefined(the session is always rolled).