I have a very simple application set up to test my session storage, and nothing is saving. Here's the basic setup:
var sessionOptions = {
key: 'session.sid',
secret: 'Some secret key',
resave: true,
saveUninitialized: true,
cookie: {
secure: true,
maxAge: 600000
}
};
app.use(session(sessionOptions));
app.get('/user', function getUser(req, res, next) {
console.log(req.session, req.session.user);
if(!req.session.user) {
req.session.user = { test: 'test' };
res.status(403);
return res.send('Not logged in');
}
res.send(req.session.user);
});
This should return a 403 status on the FIRST request only, but it's returning a 403 every time I reload the page. Am I totally missing something?
With secure: true option, you need to be accessing the site over HTTPS (i.e. not just http://localhost) AND you have to have express correctly configured (see https://github.com/expressjs/session#cookie-options). Your code is running fine for me when I met those requirements or removed secure: true.
Well, crap. I figured it had to be something simple. Thanks for the help!
No problem! And as an additional tid-bit, if you set the environment variable DEBUG=express-session you'll get some various messages on your console about what is going on in the module, though they are a little cryptic.
Very glad this issue exists, it saved us on our project!
i am also facing the same issue can any one solve my problem
Most helpful comment
With
secure: trueoption, you need to be accessing the site over HTTPS (i.e. not justhttp://localhost) AND you have to have express correctly configured (see https://github.com/expressjs/session#cookie-options). Your code is running fine for me when I met those requirements or removedsecure: true.