Session: Session not saving when redirect

Created on 7 May 2019  路  22Comments  路  Source: expressjs/session

When an user logs in the data is saved in req.session, then I redirect the user to the homepage using res.redirect(url);. The problem appears when that redirect execute, the data from the session get lost but if instead of redirecting I go to the homepage manually (with the browser), the session data is available.

Here are some snippets of my code:

main.js:

var session = require('express-session');
var mySQLStore = require('express-mysql-session')(session);

let sessionConfiguration = session({ /*Session configuration */});

function checkSession(req, res, next) {
  if(req.session.user) {
    console.log("Exists");
    console.log(req.session.test);
    next();
  } else {
    console.log("No exist :( ");
    next();
  }
}

app.use('/', sessionConfiguration, checkSession, router);

redirect.js:

router.get('/route', function (req, res) {  

     req.session.test = "hey"
     console.log(req.session.test);

      //Data get lost here
      res.redirect("/");

  });

Also, the data of the session that remains when the redirect is done is this:

{"cookie":{"originalMaxAge":3600000, "expires":"2019-05-07T21:15:06.727Z", "httpOnly":false, "path":"/", "sameSite":true}}

question

Most helpful comment

I had this issue and I resolve it by removing the sameSite option which was set to strict and I totally forgot about it. Maybe a log in the console could help developers when the cookie is not set due to same site policy being violated

All 22 comments

Due to how most web browser handle redirects, you need to save before the redirect (https://github.com/expressjs/session#sessionsavecallback).

@dougwilson Also tried that, still not working

What does your code look like when trying it?

@dougwilson In redirect.js:

router.get('/route', function (req, res) {  

     req.session.test = "hey"
     console.log(req.session.test);

      req.session.save(function(err) {
         if(!err) {
             //Data get lost here
             res.redirect("/");
         }
      });

  });

Hm, that should work. I'll reopen so we can investigate. Can you provide a full app and reproduction steps?

@dougwilson Well the full app is the code provided earlier with the express module, the router (which is a require for the router.js) and the line which listens for connections, its only that

Right but it doesn't run as is. I modified it enough to actually run and then I had no issue and session didn't loose data after I made the session save modification as well.

@dougwilson Can you show the code please? Which version are you using? This is really really weird :/

I am using latest. I already left work and you'll have to wait until I get back on Thursday to get the code I had.

@dougwilson What's the code?

I had to stay home today, but plan to be in tomorrow.

@dougwilson any update? :S

I had this issue and I resolve it by removing the sameSite option which was set to strict and I totally forgot about it. Maybe a log in the console could help developers when the cookie is not set due to same site policy being violated

ping @alex55132 - did @frnk94 's suggestion help you?

@gireeshpunathil Nope :(

@alex55132 Can you share your code and steps to reproduce it?

@alex55132 Please find the session persistence with redirection example here :
https://gist.github.com/HarshithaKP/3d9ad81138245aa7527bf385d37daba7
Let me know if it helps resolving your issue.

Same issue
@HarshithaKP, It did not help

hello @alex55132 has this issue be resolved to your satisfaction? Are there additional questions associated with this issue. If there are not any current issues I would like to close this.

I don't have the code I was working with anymore, I'll reopen if the problem appears again in the future. Closing

@dougwilson Hey, I have a similar issue. Could you please help me out here? https://github.com/expressjs/session/issues/790

This did the trick for me inside an async function. I am using express-session with the @google-cloud/connect-firestore.

const myFunc = async (request, response) => {
    //...
    // save session before redirecting
    return new Promise((resolve, reject) => {
      request.session.save((err) => {      
        // redirect home
        if (err) {
          reject(err);
        }
        resolve(response.redirect('/'));
      })
    });
};
Was this page helpful?
0 / 5 - 0 ratings

Related issues

renehauck picture renehauck  路  16Comments

gk0us picture gk0us  路  18Comments

prashanshan6 picture prashanshan6  路  12Comments

antishok picture antishok  路  27Comments

azfar picture azfar  路  14Comments