Every so often, my nodejs application — which uses the express v4.12.2 and express-session v1.13.0 modules — throws the following TypeError exception and crashes:

/app/node_modules/express-session/node_modules/cookie/index.js:136
  if (opt.expires) pairs.push('Expires=' + opt.expires.toUTCString());
                                                       ^

TypeError: opt.expires.toUTCString is not a function
    at Object.serialize (/app/node_modules/express-session/node_modules/cookie/index.js:136:56)
    at setcookie (/app/node_modules/express-session/index.js:576:21)
    at ServerResponse.<anonymous> (/app/node_modules/express-session/index.js:204:7)
    at ServerResponse.writeHead (/app/node_modules/on-headers/index.js:46:16)
    at ServerResponse._implicitHeader (_http_server.js:157:8)
    at ServerResponse.res.write (/app/node_modules/compression/index.js:82:14)
    at ReadStream.ondata (_stream_readable.js:529:20)
    at emitOne (events.js:90:13)
    at ReadStream.emit (events.js:182:7)
    at readableAddChunk (_stream_readable.js:147:16)
    at ReadStream.Readable.push (_stream_readable.js:111:10)
    at onread (fs.js:1822:12)
    at FSReqWrap.wrapper [as oncomplete] (fs.js:614:17)

I'm not sure why this would be an error, since toUTCString() is a function. (Unless opt.expires is not a Date object.)

From testing the application, and also because this seems to involve opt.expires, I am wondering if this happens when a session times out.

Here is how I am setting up sessions:

var express = require('express');
var expressSession = require('express-session');
...
var app = express();
...
app.use(expressSession({
    key: 'application.sid',
    secret: 'some.secret.string',
    cookie: {
        maxAge: 60 * 60 * 1000,
        expires: 60 * 60 * 1000
    },
    store: new mongoStore({
        mongooseConnection: mongoose.connection,
        collection: 'sessions'
    }),
    saveUninitialized: true,
    rolling: true,
    resave: true,
    secure: true
}));

My goal is to have a session expiration get extended if the user keeps using the application.

Is there something wrong about how I have set this up, or have I run into some bug that would be fixed with a specific combination of versions of modules?

req.session.cookie.expires must be a date not a number.

Each session has a unique cookie object accompany it. This allows you to alter the session cookie per visitor:

var hour = 3600000;
req.session.cookie.expires = new Date(Date.now() + hour);
req.session.cookie.maxAge = hour;