Session: Getting a new session at every request

Created on 26 Feb 2017  路  4Comments  路  Source: expressjs/session

I'm pretty new to express-session.

I'm using mongo-connect instead of MemoryStore as recommended.

But I'm facing this weird behaviour:

import express from 'express'
import bodyParser from 'body-parser'
import connectMongo from 'connect-mongo'
import session from 'express-session'
import cookieParser from 'cookie-parser'

import { getUser } from './lib/user'

// CORS middleware
const allowCrossDomain = function(req, res, next) {
  res.header('Access-Control-Allow-Origin', '*')
  res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE')
  res.header('Access-Control-Allow-Headers', 'Content-Type')

  next()
}

const app = express()

const MongoStore = connectMongo(session)

// parse text/json
app.use(bodyParser.json())

app.use(session({
  secret: 's3cr3et',
  resave: false,
  saveUninitialized: false,
  store: new MongoStore({ url: 'mongodb://localhost/app' }),
  cookie: { secure: false }
}))
app.use(cookieParser('s3cr3et'))
app.use(allowCrossDomain)

app.get('/client', async (req, res) => {
  const { session: sess } = req
  console.log(req.session.b) // prints undefined at every request
  if (!req.session.b) req.session.b = 0
  req.session.b += 1
  res.json(await getUser(sess))
})

I keep getting undefined, can't see what I'm possibly doing wrong 馃

express-session@^1.15.1 and connect-mongo@^1.3.2

Note that req.sessionID is different everytime

question

Most helpful comment

It's possible your issue is because your CORS is not setup correctly if your front end is not on the same host as your server. Can you replace your allowCrossDomain function with the cors middleware?

app.use(cors({ credentials: true, origin: true }))

All 4 comments

It's possible your issue is because your CORS is not setup correctly if your front end is not on the same host as your server. Can you replace your allowCrossDomain function with the cors middleware?

app.use(cors({ credentials: true, origin: true }))

@dougwilson indeed, problem is with CORS.

Works as expected after removing CORS and moving the front to the same origin as my API server.

Using the cors middleware and allowing * origin like so doesn't solve the problem.

Even though I would have the front served by the same server as the back, it's still very useful to be able to work with session in dev mode 馃槙

cf. https://github.com/expressjs/session/issues/237#issuecomment-279211605

Hi @MayasHaddad good to hear you solved your issue, as I suspected it was CORS since you had that in there. Credentials will never work if you allow the * origin, as defined by the CORS specification. Did you try using the code I posted above? It looks like from your response you tried a different module. I was referring to our module: https://github.com/expressjs/cors

@MayasHaddad Follow the steps on the link, it works well for me, and i was able to use the different domains.

http://nodeblog.tumblr.com/post/100483885113/cross-domain-session-support-in-nodejs

Was this page helpful?
0 / 5 - 0 ratings