express-session unable to retrieve session variable

I am using express-session to store my sessions persistently on a MongoDB database.

The project worked perfectly in a development environment, but for some reason the session variable saved in case of successful login is not sent to the front-end (it's undefined) in a production environment:

server.js [backend]

const express = require('express');
const app = express();
const controllers = require('./controllers/adminControllers');
const router = require('./router/adminRouter');
const bodyParser = require('body-parser');
const cors = require('cors');
const dotenv = require('dotenv').config()
const session = require('express-session');
const MongoDBStore = require('connect-mongodb-session')(session);

app.use(cors({
  origin: 'http://localhost:3000',
  optionsSuccessStatus: 200,
  credentials: true
}))

var store = new MongoDBStore({
  uri: process.env.MONGO,
  collection: 'mySessions'
})

store.on('error', function (error) {
  console.log('session error');
});

app.use(require('express-session')({
  secret: 'justasecret',
  cookie: { maxAge: 1000 * 60 * 60 * 24 * 7 },
  store: store,
  resave: true,
  saveUninitialized: true
}))

app.use(bodyParser.urlencoded({ extended: true }))
app.use(bodyParser.json())

app.use((req, res, next) => {
  console.log(req.session);
  next()
})

app.use('/', router);

app.listen(process.env.PORT || 3001);

login_controller.js [backend]

req.session.isLogged = true;
req.session.user = user;
req.session.save()
res.json({ success: true });

As you can see from the code above, the session variable stores the user object persistently. The user object does get saved in the MONGO database, but apparently it does not get retrieved.

get_user_frontend [frontend]

fetch('https://backend-server/get_user', {
  credentials: 'include',
})

get_user_controller.js [backend]

exports.getUser = (req, res, next) => {
  if (req.session.isLogged === false) {
    return res.json({ user: { isLogged: false } })
  }
  return res.json(req.session)
}

The above middleware is responsible for sending user data at every frontend call, but for some reason res.session.isLogged is undefined, as well as the req.session.user object.

The only data I am able to retrieve from the req.session variable is:

cookie: {originalMaxAge: 604800000, expires: '2022-05-14T07:56:24.626Z', httpOnly: true, 
path: '/'}

While in the MongoDB database data is stored correctly:

_id:"LfoXW1yf_E8gLMyMLtlesuBVevVAJjm9"
expires:2022-05-13T09:05:59.386+00:00
session:Object
cookie:Object
isLogged:true
user:Object

I fail to understand why the session variable does not persist in the backend, even if it gets stored in the database correctly.



Solution 1:[1]

I actually solved the problem by making the following changes in the express-session cookie configuration:

app.set("trust proxy", 1);  // <--
app.use(session({
  secret: 'iamjustasecret',
  store: store,
  maxAge: 100000,
  proxy: true,  // <--
  cookie: {
    httpOnly: true,
    sameSite: process.env.NODE_ENV === "production" ? 'none' : 'lax',  // <--
    secure: true
  }
}))
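
Why these three settings matter together, as an added example that is not part of the original post and is not express-session or browser source code: a simplified model of when the server emits the session cookie and when the browser attaches it to a credentialed cross-site fetch. It assumes that in production the front-end and back-end are on different sites behind a TLS-terminating reverse proxy; the function names and the deployment objects are hypothetical.

```javascript
// Added example: a simplified model, not express-session or browser source code.

// Server side: with cookie.secure = true, express-session only emits Set-Cookie
// when it considers the request secure.
function serverSetsCookie(cfg, env) {
  if (!cfg.cookie.secure) return true;
  if (env.tlsToNode) return true;                   // TLS terminates in Node itself
  const forwardedHttps = env.forwardedProto === 'https';
  if (cfg.proxy === true) return forwardedHttps;    // session option `proxy: true`
  if (cfg.proxy === false) return false;            // forwarded header ignored
  return Boolean(env.trustProxy) && forwardedHttps; // unset: follows "trust proxy"
}

// Browser side: is the cookie attached to fetch(..., { credentials: 'include' })?
function browserSendsCookie(cookie, crossSite) {
  if (!crossSite) return true;                      // same-site requests carry it
  // Assumption: a cookie with no SameSite attribute is treated as Lax.
  const mode = String(cookie.sameSite || 'lax').toLowerCase();
  return mode === 'none' && cookie.secure === true; // None is only accepted with Secure
}

// The session is found again only if both halves succeed; otherwise every
// request arrives without a cookie and gets a fresh, empty session.
function sessionSurvives(cfg, env) {
  return serverSetsCookie(cfg, env) && browserSendsCookie(cfg.cookie, env.crossSite);
}

// Constructed deployments (assumptions, not taken from the post).
// dev: localhost:3000 -> localhost:3001 is same-site, since ports do not matter.
const dev = { tlsToNode: false, trustProxy: false, crossSite: false };
const prod = { tlsToNode: false, forwardedProto: 'https', trustProxy: false, crossSite: true };
const prodTrusted = { ...prod, trustProxy: 1 };

// Cookie settings as in the question, a partial fix, and the answer.
const questionCfg = { cookie: { maxAge: 604800000 } };
const secureOnlyCfg = { cookie: { secure: true, sameSite: 'none' } };
const answerCfg = { proxy: true, cookie: { httpOnly: true, sameSite: 'none', secure: true } };

console.log('question config, dev :', sessionSurvives(questionCfg, dev));
console.log('question config, prod:', sessionSurvives(questionCfg, prod));
console.log('secure+none, no proxy trust:', sessionSurvives(secureOnlyCfg, prod));
console.log('answer config, prod  :', sessionSurvives(answerCfg, prodTrusted));
```

In the failing cases the session document still lands in MongoDB, which matches the symptom in the question: the store is written, but the next request carries no cookie to look it up with.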

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Marc Abdel Wahed