'Node js express-session creating new session id every time I refresh or access the page

I am facing the issue : on every request new sessionID is getting created. Can someone throw light at this ?

Versions I am using:

NODE VERSION: v6.10.3 NPM VERSION: 3.10.10 [email protected] [email protected]

Also what is the default value for maxAge if I am not setting the cookie specifically ? Not sure if its required.

Do you see any issue with the code below ? Please assist as I am stuck.

      var app = express();
        app.use(express.static(path.join(__dirname, 'landing')));
        app.use(bodyparser.json());
        app.set('trust proxy', 1) // trust first proxy
        app.use(session({
        secret: 'keyboard cat',
        resave: false,
        saveUninitialized: true,
        cookie: {secure: true}
    }))

    app.get('/', function (req, res) {
        res.sendFile(path.join(__dirname, 'landing', 'index.html'));
    });


    var contextPath = '/myportal';

    //UI url
    app.get(contextPath, function (req, res) {
        var reqValues;
              logger.info("req sessionID is :::" + req.sessionID);
           // do something
                } 
        app.use(express.static(path.join(__dirname, 'build'))); //react UI path
        res.sendFile(path.join(__dirname, 'build', 'index.html'));
  }    

    //health check url
    app.get(contextPath + '/health', function (req, res) {
        logger.info("env is " + env);
        logger.info("myportal health is ok");
        res.send('Health Ok!\n');
    });
node.jsnpmsessionidexpress-session


Solution 1:[1]

If still anyone is looking for an answer. (After working a lot following code worked for me. correct me if I am wrong)

REASON: express session stores sessionID in cookie and it will set that cookie in frontend(browser and you can see that cookie called connect.sid in browser) from backend(server). Whenever any request comes from browser first it will check for that cookie(in which sessionID is stored.) If it finds the cookie it doesn't create new session otherwise it will create again a new session.(you can check it by logging req.sessionID in requests)

SOLUTION: To overcome this for every request we are making from frontend(browser) we have to send that cookie to backend(server). Server will automatically parse cookie and doesn't create any new session for every request.

I was using axios for request calls in which for every request I was adding {withCredentals:true} so that browser can send cookies to backend server(automatically). Following code was worked for me.

app.js

require('dotenv').config({path:'./config.env'});

const express = require('express');
const app = express();
const bodyParser = require('body-parser');
const mongoose = require('mongoose');
const cors=require('cors');
const uuid = require('uuid/v4')
const cookieParser = require('cookie-parser');
const session = require('express-session');
var FileStore = require('session-file-store')(session);

app.use(cors({
 origin:[process.env.ORIGIN],//frontend server localhost:8080
 methods:['GET','POST','PUT','DELETE'],
 credentials: true // enable set cookie
}));

app.use(cookieParser(process.env.SESSIONSECRET)); // any string ex: 'keyboard cat'
app.use(session({
  secret: process.env.SESSIONSECRET,
  store:new FileStore,
  cookie:{
    maxAge:36000,
    httpOnly:false,
    secure:false // for normal http connection if https is there we have to set it to true
    },
  resave: false,
  saveUninitialized: true
})) 

app.use(function(req, res, next) {

res.header('Access-Control-Allow-Credentials', true);
res.header('Access-Control-Allow-Methods', 'GET, PUT, POST, DELETE');
res.header("Access-Control-Allow-Origin", process.env.ORIGIN);
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-   Type, Accept, Authorization");
next();
});

app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));

// rest of code is your mongo connection

axios rest calls::

 axios.defaults.withCredentials = true;
 axios.get('http://localhost:8080/getDetails',{
           headers:{
                    withCredentials:true,

                   }
  });

Solution 2:[2]

it's a cookie problem

create a env for development and production

const SessionCookie = process.env.NODE_ENV == "dev" ? {
    secure: false,
    sameSite: "lax",
    maxAge: 1000 * 60 * 60 * 60 * 24 * 2//2 day
} : {
    secure: true,
    sameSite: "none",
    maxAge: 1000 * 60 * 60 * 60 * 24 * 2//2 day
}

app.set('trust proxy', 1) // trust first proxy
app.use(expressSession({
    name: "test-me-esc",
    secret: 'keyboard cat',
    store: new FileStore({}),//change your store here.
    resave: false,
    saveUninitialized: false,
    cookie: { ...SessionCookie } as any
}))

this will work on localhost: chrome, brave, firefox.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1
Solution 2 Mr Joker

Related Questions