Session: Sometimes req.session clears

Created on 2 Aug 2017  路  3Comments  路  Source: expressjs/session

Hi all,

This is a strange problem that happens rarely (and most of the times in Internet Explorer - it seems a server related problem so it's even stranger).

My authentication code has two endpoints, where the second is the callback from the OAuthProvider.

function auth(req, res, next) {
    var oauth = new OAuth.OAuth(authVars.requestTokenURL, authVars.accessTokenURL, authVars.clientKey, authVars.clientSecret, '1.0', authVars.callbackUri, 'HMAC-SHA1');
    return oauth.getOAuthRequestToken(function (error, oauth_token, oauth_token_secret, results) {
                req.session.oauth = {
                      'oauth_token': oauth_token,
                      'oauth_token_secret': oauth_token_secret
                };
                logger.info(`Auth Controller ENDPOINT1 ${JSON.stringify(req.session.oauth)}`);
                return res.redirect('https://FAKEPROVIDER.com/oauth/authorize?oauth_token=' + oauth_token);
     })
}

And for the callback endpoint:

function callback(req, res, next) {
    logger.info(`Auth Controller - ENDPOINT2: req.session.oauth ${JSON.stringify(req.session.oauth)}`);
        var oauth_credentials = req.session.oauth,
            verifier = req.query.oauth_verifier;
etc...

The problem is that sometimes the log "ENDPOINT2" prints "undefined" ALTHOUGH at the first endpoint it prints the object with both the token and the token secret. It seems, the session is being cleared between the two calls.

The problem is that it's hard to debug because I can't even force the problem to occur.

Any help will be appreciated.

question

All 3 comments

@UnderTheMoonspell That's a tough one... My thought is that if its only happening occasionally its probably an issue with the existence of the cookie in the request to the second endpoint. Perhaps you can log the HTTP requests along with the session values, and gain some insight?

I think I have found the problem. It has nothing to do with express-session. It seems that Internet Explorer sometimes calls the callback endpoint two times (god knows why) and the oauth variables are deleted after successful authentication on the first call. You can Close this thread :) thanks for the help @joewagner

@UnderTheMoonspell glad you found the issue

Was this page helpful?
0 / 5 - 0 ratings

Related issues

sarovin picture sarovin  路  4Comments

richiepreece picture richiepreece  路  5Comments

noisytoken picture noisytoken  路  4Comments

horses picture horses  路  5Comments

mjquito picture mjquito  路  4Comments