Session: Getting a new session after redirect

Created on 12 Jul 2017 · 2 Comments · Source: expressjs/session

I have an app (localhost:3000) and a REST API (localhost:3001). Each user makes a call to the API with a unique token. I am trying to save this token on the server side through sessions, as follows:

app.get("/endpointA", (req, res, next) => {
  req.session.token = req.query.token;
  req.session.save(next);
}, …);

After several redirects to 3rd-party services, it redirects users back to my API, but the old session is not available at this point (session id has changed):

app.get("/endpointB", (req, res, next) => {
  console.log(req.session.id);
  console.log(req.session.token);
});

I've tried to regenerate the session, but it outputs Error: failed to load session. Any ideas of why the req.session.id is changing after those redirects?

Console output:

=> localhost:3001/endpointA
Session id:   1FR9LZOWnhWlvE7grIUuXQmbzUSvw08V
Token:        57wGg0AW_-EG0-EyAAAB

=> localhost:3001/endpointB
Session id:   ezIHVpwFHHipc8fQeGrSbRVhFmedtczF
Token:        undefined

All 2 comments

There are a lot of possibilities and nothing specific jumps out from the description. Is it possible you can provide all the following so we can take a look?

  1. Version of this module you're using.
  2. Version of Node.js
  3. Complete source code that reproduces the issue. A git repo of a simple example app works well.
  4. Complete instructions for how to setup the app and reproduce the issue.

I've found the issue, it's quite embarrassing. I thought that 127.0.0.1:8000 and localhost:8000 are the same, but apparently those are handled differently by express.js. So the client was requesting 127.0.0.1:8000 and the 3rd-party service was returning data to localhost:8000 - thus the session ID was different for each _domain_.
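
The host mismatch described in the last comment, as an added example that is not part of the original thread or of express-session: a minimal model of how a client keeps a session cookie per host name, so a request sent to 127.0.0.1 and a return to localhost arrive with different cookies. `CookieJar`, `makeServer`, `simulateFlow` and `canonicalRedirect` are hypothetical names, and the session ids are constructed.

```javascript
// Added example: models a client's host-only cookie scoping (RFC 6265).
// All names here are hypothetical; none of this is express-session code.
class CookieJar {
  constructor() { this.byHost = new Map(); } // hostname -> Map(name -> value)
  // A cookie set without a Domain attribute is tied to the exact host name.
  // The port is not part of the scope.
  store(url, name, value) {
    const host = new URL(url).hostname;
    if (!this.byHost.has(host)) this.byHost.set(host, new Map());
    this.byHost.get(host).set(name, value);
  }
  get(url, name) {
    const cookies = this.byHost.get(new URL(url).hostname);
    return cookies ? cookies.get(name) : undefined;
  }
}

// Stand-in for a session middleware: reuse the session named by the cookie,
// otherwise create a new one and set the cookie.
function makeServer() {
  const sessions = new Map();
  let counter = 0;
  return function handle(url, jar) {
    let sid = jar.get(url, "connect.sid"); // express-session's default cookie name
    if (!sid || !sessions.has(sid)) {
      sid = `sid-${++counter}`; // constructed id, not a real session id
      sessions.set(sid, {});
      jar.store(url, "connect.sid", sid);
    }
    const session = sessions.get(sid);
    const token = new URL(url).searchParams.get("token");
    if (token) session.token = token;
    return { sid, token: session.token };
  };
}

// One client, one server: first request, then the return from the third party.
function simulateFlow(firstUrl, returnUrl) {
  const jar = new CookieJar();
  const handle = makeServer();
  return { a: handle(firstUrl, jar), b: handle(returnUrl, jar) };
}

// Guard a server can apply before touching the session: send requests that
// arrive under any other host name to one canonical host.
function canonicalRedirect(requestHost, path, canonicalHost) {
  return requestHost === canonicalHost ? null : `http://${canonicalHost}${path}`;
}
```

Calling `simulateFlow` with a 127.0.0.1 URL followed by a localhost URL reproduces the console output above: a new session id and an undefined token on the second request. Using the same host name for both legs keeps the session.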
