Hi,
Here is related code from my app.js:
```js
app.use(cookieParser());
app.use(session({
    store: new RedisStore({
        host: config.redis_instance_local_ip,
        port: config.redis_instance_local_port
    }),
    cookie: {
        maxAge: 31536000000
    },
    secret: config.application_session_secret,
    resave: false,
    saveUninitialized: true
}));
app.use(express.static(path.join(__dirname, 'public')));
// ROUTES
require('./routes')(app)
```
Using this configuration, once a user sends a request:
- set-cookie header is set with the response
- connect.sid is successfully created.
- connect.sid cookie is successfully carried through Cookie header at every request to my application.

While all sounds good, there is a strange thing.
At every request, a new session ID is generated and saved to the Redis store ALTHOUGH newly created ones are never used. Still the first session ID is used with respective cookie.
```
127.0.0.1:6379> keys *
1) "sess:d9Mr23DmJvDJfyJ3AT7Fgly3ML0QVklG"
2) "sess:N73WYEIL2ZdGg8xcdMkhUVw6ryeHprib"
3) "sess:h5DzVIECpq8ygy1990ZXs3b1uFt1JhLQ"
4) "sess:bPTCL7dy67QbbGhT6QDKZ5rUg8L8OTV_"
5) "sess:QR2b8bO4VNjpCFhUp42jZDn-ESJT2yTz"
6) "sess:nQu0A2lUwGO75LW6HnxmA9ZYOiXgy2Uo"
7) "sess:6IvYSkE8RIOGzw1mfNEoU6WBisqoD1H-"
8) "sess:bkH1j_1GIMXQHjPePG-kirg_eRmG65SD"
9) "sess:7HmqqsbZFyZjiUb-M2yYOAvpG7gGcBqQ"
```
I don't want my Redis instance to be full of useless session ID's. I guess I'm doing something wrong? Or is that an expected situation?
It seems to me, you probably want to use saveUninitialized: false in your settings. Is there a reason you have it set to true in your example? Does setting it to false correct the behavior you are seeing?
Hi @dougwilson , when I change saveUninitialized option to false no session is created at my session store (Redis).
Hi @scaryguy , yes, no session will be created until you put something in it. Are you putting something in the session? `req.session.thing = 'value';`
If you really, really want to keep saveUninitialized set to true instead of false, then most likely you need to refactor your middleware. It's likely all those sessions are getting created if you have express.static used _after_ the session middleware; we would recommend that static files are handled before the session middleware, since all the work the session middleware does is not useful for static files.
@dougwilson , what I want to have should be something simple but I'm not able to get it in the way I want.
Here is the scenario;
My current configuration can do these. BUT when I refresh the page, the session ID changes. But it should not change because maxAge is set to a year! Current behavior is it creates the session at the first request and uses that cookie at the next requests. But when I refresh, it changes.
I want a specific session ID remain same for a user as long as possible. And I also don't want my application to create useless session ID's for each request because it will receive hundreds of thousands of requests every day.
At your answer you say:
> Are you putting something in the session?
No, I'm not. Because I don't need anything. All I need is a user specific and uniquely created session ID.
Considering your recommendation, should I assign a value to req.sessionID if saveUninitialized would work better in my case?
Note: I'm using nginx as a load balancer. I also use sticky session feature of nginx and all requests are redirected to the right instance of the app. (I'm inspecting srv_id)
Any help appreciated.
(Btw app.use(express.static(path.join(__dirname, 'public'))); line is before cookieParser and session() conf)
So what you describe is something this module can definitely do. At this point, the only way to assist you further is if you send your entire app as-is that reproduces the behavior you are seeing so we can debug it.
Not sure if you have already found a solution. If not, I did manage to get past this absurd behaviour in a little less than 24 hours of slog.
@ritwbanerjee I would be interested in your solution, I'm seeing the same behavior.
@ritwbanerjee it will be great if you shared your solution :)
@ICiscoStu @johnwebbcole Link to my repo
https://github.com/ritwbanerjee/angular-node-seed
if a new sessionID is generated every request, it means the request didn't send a Cookie header
```js
fetch('http://localhost:3000/').then(console.log)
// vs
fetch('http://localhost:3000/', {credentials: 'include'}).then(console.log)
```
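A simplified model of the behaviour discussed in this thread, added here as an illustration (it is not express-session's source and not code from any participant). It shows how `saveUninitialized` and whether the client replays the cookie decide how many entries end up in the store; `createSessionLayer`, `simulate` and the in-memory `Map` standing in for Redis are hypothetical names, and the clients are constructed.

```javascript
// Simplified model of a cookie-backed session middleware. This is NOT
// express-session's source; the Map stands in for the Redis store.
const { randomBytes } = require('crypto');

function createSessionLayer({ saveUninitialized }) {
  const store = new Map();
  function handle({ cookie, write = false }) {
    // Look the session up by the ID the client presented, if any.
    let sid = cookie;
    let data = sid ? store.get(sid) : undefined;
    const isNew = data === undefined;
    if (isNew) {
      // No Cookie header, or an unknown ID: start a fresh session.
      sid = randomBytes(24).toString('hex');
      data = {};
    }
    if (write) data.seen = true; // stands in for req.session.thing = 'value'
    // A new session is persisted when modified, or always when
    // saveUninitialized is true. An existing one is rewritten only
    // when modified (the resave: false behaviour).
    const persist = write || (isNew && saveUninitialized);
    if (persist) store.set(sid, data);
    // Set-Cookie is issued only for a new session that was stored.
    return { sid, setCookie: isNew && persist ? sid : null };
  }
  return { store, handle };
}

// Constructed client: replays the cookie only when sendsCookie is true
// (a browser page load, or fetch with credentials: 'include').
function simulate({ saveUninitialized, sendsCookie, writeFirst = false, requests = 5 }) {
  const layer = createSessionLayer({ saveUninitialized });
  const seen = new Set();
  let jar;
  for (let i = 0; i < requests; i++) {
    const res = layer.handle({
      cookie: sendsCookie ? jar : undefined,
      write: writeFirst && i === 0,
    });
    if (res.setCookie) jar = res.setCookie;
    seen.add(res.sid);
  }
  return { storedSessions: layer.store.size, distinctIds: seen.size };
}

console.log(simulate({ saveUninitialized: true, sendsCookie: false }));
console.log(simulate({ saveUninitialized: false, sendsCookie: true }));
console.log(simulate({ saveUninitialized: false, sendsCookie: true, writeFirst: true }));
```
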
I am so happy to say, this combo finally worked for me!!! Hallelujah!
REDIS +NODEJS -> NGINX
We all need sessions working 100%, it's super important and there is just no room for error.
If you notice any issues, please update and share so we can all learn how to avoid these coding anomalies.

```js
var express = require('express'),
    path = require('path'),
    app = express(),
    session = require('express-session')

// Redis-backed session store (connect-redis)
app.store = new (require('connect-redis')(session))

// Static files are served before the session middleware
app.use('/minified', express.static(path.join(__dirname, '/../www/minified')))

app.sessionMiddleware = session({
    store: app.store,
    name: 'sid',
    secret : 'zPLaW.....e',
    resave: false,
    saveUninitialized: true,
    genid: req => {
        return (require('uuid/v4'))()
    },
    proxy: true,
    cookie: {
        maxAge: 60 * 24 * 60 * 60 * 1000
    }
})
app.use(app.sessionMiddleware)
```
Also, I read somewhere that if you are using express.static, it should be placed before the session declaration or it could potentially cause session persistence issues when dealing with Redis. _(I've illustrated this above as well)_ Sounds crazy to me, but might as well try everything to figure the optimal code.
I've met this problem 3 times, each step of below is working for me different time:
- resave: false
- connect-redis as session store.
- name: 'sid'

...wish works forever...
It appears I am still experiencing this issue. My development environment works fine, it's my production environment that creates the multiple session ID's. I am thinking it might have something to do with NGINX. My dev environment runs WAMP (APACHE) proxy for NodeJS, but I appear to just be having the problem with NGINX as a frontend proxy to NodeJS.
I'm experiencing the same issue as described on Stackoverflow, but I cannot see any request without cookie (except for OPTIONS request related to CORS but it should be normal).
I've got the same issue. Any working samples would be appreciated.