app.use(cookieParser());
app.use(session({
secret: 'keyboard cat',
resave: false,
saveUninitialized: true,
cookie: {
secure: false
}
}))
app.post('/login', (req, res) => {
let user = Users.findOne({
username: req.body.username,
password: req.body.password
}, function(err, doc) {
console.log(err, doc);
if (doc && doc._id) {
//here changing of the session
req.session.user = doc;
req.session.save((err) => {
if (!err) {
console.log(req.session);
res.redirect("/");
}
});
}
});
//console.log(req.session);
});
app.use(function(req, res, next) {
console.log(req.session);//here it logs the session without the user
if (req.path === "/login" || req.path === "/register" || req.path === "/registerUser" || req.path === "/instagram/registerUser" || (req.session && req.session.user)) {
next();
} else {
res.redirect("/login");
}
});
it has to do with a bug you have to session.save() before you redirect.
i did it in the save callback
req.session.save((err) => {
if (!err) {
console.log(req.session);
res.redirect("/");
}
});
Hi @hich-em if you have that save in there it _should_ work, but I hear you're saying it doesn't. We would love to dig into your issue, but there is not enough information provided for us to do so. Can you please provide us with all the following information?
Thanks!
@dougwilson
1) node version : 4.5.0
2) Express session plugin version: 1.14.1
3) for the code i can't give you whole the app because it is a private app, i gave you the most important part where i used the session
Thanks!
@gabeio i tried it but no news
Hi @hich-em it doesn't have to be _the_ app, but it does need to be _an_ app. As in, please take your snippet above, fill in all the missing variables such that it is actually a complete app. Because you still need to provide me the information in step 4, otherwise, I don't even know how to reproduce your issue. I tried to piece your snippets together myself and found no issues, so I have no reproduction case with the current information, so I don't know what else I can do.
@hich-em do you have any runnable app which can reproduce the issues you are having (preferably as small as possible)... as @dougwilson mentioned it's impossible for us at this moment to reproduce your issue without a fully functioning app. As many different things might be causing it even some middleware your company might have custom built but didn't realize "this" or "that" affected the session. Or even the session-store you are using. A lot of these are really needed to debug further.
Have the same problem. The example given in the github documentation even does not work. Every time in a running server, the number of views is always 1. I plugged in the error handling of @hich-em. And here is the output:
{ cookie:
{ path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true },
views: { '/foo': 1 } }
views not found
{ cookie:
{ path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true },
views: { '/foo': 1 } }
views not found
{ cookie:
{ path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true },
views: { '/foo': 1 } }
So for each subsequent get request ...the number remains as 1. Is this the expected behaviour ?
I'm going to close this since no app was never provided to look into anything.
I was having same issue, but I found a way around it. After ecery change to the session data, just do a req.session.save and u are good to go.
So something like this would do...
if(req.session.views){
req.session.views++;
req.session.save(callbackFunction);
}
Hope this helps
Does not work either...
+1 does not work.
+1 does not work.
+1 does not work, I am using MemoryStore but it's not production so at least in development environments it should be stable. it is completely unusable. Same code sometimes saves user, sometimes it doesn't
+1 sometimes work, sometimes doesnt work.
Whyyyy?????
I commented out this part and it starts working:
cookie: {
// secure: true
},
I commented out this part and it starts working:
cookie: { // secure: true },
Works, but how do we make it secure now
I commented out this part and it starts working:
cookie: { // secure: true },Works, but how do we make it secure now
See https://stackoverflow.com/a/40324493/8403046 and https://github.com/expressjs/session#cookiesecure
When I commented out secure: true, it worked for me as well.
It doesn't work for me.
In login It save user in session but in get request the req.session.user is undefined.
After "req.session.user = data" you note that "req.session.save( (err) => { req is undefined })"
app.use(cors({origin: [
"http://localhost:4200"
], credentials: true}));
app.use(session({
secret: 'secret',
resave: false,
saveUninitialized: true,
cookie: { }
}))
const authMiddleware = (req, res, next) => {
// req.session.user is undefined !
if(req.session && req.session.user) {
next();
} else {
res.status(403).send({
errorMessage: 'You must be logged in.'
});
}
};
app.get("/get/contacts", authMiddleware,(req, res) => {
// ... other code
});
app.post('/api/login', validatePayloadMiddleware, (req, res) => {
if (req.body.username === "XXXXXXXX" && req.body.password === "YYYYYYYYYYY")
{
req.session.user = {"user" : req.body.username};
req.session.save((err) => {
// err = undefined !
console.log(err)
});
let body = {
id: 1,
username: req.body.username,
firstName: "FFFFF",
lastName: "SSSSS",
token: 'fake-jwt-token'
};
return res.status(200).json(body);
}
else
{
let body = {
error: true,
errorMessage: 'Permission denied!'
};
return res.status(403).json(body);
}
});
Most helpful comment
it has to do with a bug you have to
session.save()before you redirect.