I am using express-session with redis and as soon as I deploy the code to elastic beanstalk and use https, new session is created upon every request. If I use http then it works as expected.
The problem is not with redis as I had the same issue before when I was using the memory to store the session
const app = express();
app.set('trust proxy', 1)
app.use(session({
secret: uuidv4(),
name: 'name_',
resave: false,
saveUninitialized: true,
store: new redisStore({ client: redisClient, ttl: 86400 }),
cookie: { secure: true }
}))
Hello @siyavash4812 you will need to provide a minimal working program just the setup.
I have taken the settings you have and it is working.
const fs = require('fs');
const express = require('express');
const session = require('express-session');
const path = require('path');
const redis = require('redis');
const app = express();
const cookieParse = require('cookie-parser');
const uuidv4 = require('uuidv4').uuid;
const RedisStore = require('connect-redis')(session);
const redisClient = redis.createClient();
const https = require('https');
const debug = require('debug')('test-session');
const secret = 'some random secret 123';
app.use(cookieParse(secret));
app.use(
session({
secret: uuidv4(),
name: 'name_',
resave: false,
saveUninitialized: true,
store: new RedisStore({ client: redisClient, ttl: 86400 }),
cookie: { secure: true }
})
);
app.use('/', (req, res, next) => {
debug(`session in client is ${JSON.stringify(req.session, null, 2)}`);
req.session.status = "ok"
res.json({status: "ok"})
});
https.createServer({
key: fs.readFileSync(path.join(__dirname, './certs/key.pem')),
cert: fs.readFileSync(path.join(__dirname, './certs/cert.pem')),
passphrase: 'abc123',
}, app)
.listen(3000);
I may have mis-understood the question. So please provide more information. I'm reading this as keeps creating a new session on each request.
Apologies, it has just occurred to me. Are you calling uuidv4 each time? I am not sure of your environment but is your secret being generated each time?
Thank you for your message, the uuid is called once so I dont think that is the problem and I think If that was the issue, http would also be broken. I did some more digging and it seems like I have the exact same problem as renehauck (https://github.com/expressjs/session/issues/652). However, in my case I do receive "x-forwarded-proto": "https"
ok, so this is good information. Would it be possible to run the code with
DEBUG=express-session node app.js
so we could capture some of the output?
What I am trying to work out is for https
I finally found out what was the problem 馃帀 Cloudfront was not sending any cookies to my server. Such a silly mistake
Wow , so glad you found out. How did you work this out, and how are you going to remedy it?
closing as this is resolved, if the author provides more information it would help the community as cloudfront is widely used. What did @siyavash4812 do to allow cookie passing?