I'm experiencing issue #74 that was closed. There are also similar issues reported in stackoverflow.
Problem: Race condition when using req.session.save()
Explanation:
...
router.get('/logout', function(req, res, next){
req.logout();
res.redirect('/')
});
...
I'm trying to do a successful logout. I first call req.logout() to update the req.session and then I call res.redirect('/') to have express-session update the session to a file. I'm using the store session-file-store. The problem lies when res.redirect('/' calls res.end() inside the ./express-session/indes.js
res.end(){
...
if (shouldSave(req)) {
req.session.save(function onsave(err) {
if (err) {
defer(next, err);
}
writeend();
});
return writetop();
} else if (storeImplementsTouch && shouldTouch(req)) {
...
req.session.save gets run asynchronously, which then immediately the redirects happens which loads a session, but the req.session.save hasn't finished yet updating the file! which then the old state of the session gets loaded and then the req.session.save finishes, but its too late:(
...
"express": "4.16.2"
"express-session": "1.15.6"
"session-file-store": "1.1.2"
...
app.use(session({
store: new FileStore(),
secret: 'keyboard mouse',
resave: false,
saveUninitialized: false
}));
...
I hope this makes sense. I tried the workaround offered in #74 to call res.session.save before the redirect BUT then I end up calling the res.session.save twice! which #74 supposedly should have fixed it.
Other similar issues
This is a known issue. Either call req.session.save in your code and put res.redirect in the callback to that or make a pull request with a solution. No one (even myself) has been able to make a workable patch yet.
Closing as duplicate of #360 (let me know if you think this is not a duplicate and why and I can reopen).
Thank you @dougwilson for the prompt response. Yes, same issue. This is a great library but I'm a bit in shock this problem exists in a library that is heavily used for other libs and apps.
Yea, I would like to fix it, but not certain how. Any thoughts on it would be much appreciated!