How to set csrfToken with express-session?

I'm using express-session and connect-pg-simple for my session and store management like so:

app.use(
  session({
    secret: process.env.SECRET,
    resave: false,
    saveUninitialized: false,
    cookie: {
      maxAge: 604800 * 1000, // 7 days; express-session takes maxAge in milliseconds
      secure: isProduction ? true : false,
      sameSite: "lax",
    },
    store: new pgSession({
      pool: db,
      createTableIfMissing: true,
    }),
  })
);

I'm also implementing Passport.js and everything works well, but when I implement csurf middleware like so,

// CSURF
const csurf = require("csurf");
const csrfMiddleware = csurf();

app.use(csrfMiddleware);

// Register
usersRouter.get("/register", checkAuthenticated, (req, res) => {
  res.render("register", { csrfToken: req.csrfToken() });
});

// Login
usersRouter.get("/login", checkAuthenticated, (req, res) => {
  res.render("login", { csrfToken: req.csrfToken() });
});

And in my forms:

<input type="hidden" name="_csrf" value="<%= csrfToken %>" />

I'm getting errors saying that csrfToken is not defined in my view page.

There isn't much documentation about exactly how to use csrfToken with express-session and store it in a session or maybe even in a store (connect-pg-simple), so is there a way I can solve these problems?
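
An added example, not part of the original question and not csurf's own code: a session-backed CSRF token written as Express-style middleware in plain Node.js, with the token also placed on `res.locals` so `csrfToken` is defined in every rendered view. It assumes express-session has already populated `req.session` and a body parser has populated `req.body`; the names `csrfIssue`, `csrfVerify` and `simulate` are hypothetical.

```javascript
const crypto = require("crypto");

// Issue step: create one token per session and expose it to every view.
// Assumes express-session has already set req.session (mount this after it).
function csrfIssue(req, res, next) {
  if (!req.session.csrfToken) {
    req.session.csrfToken = crypto.randomBytes(32).toString("hex");
  }
  // res.locals is merged into every res.render() call, so <%= csrfToken %>
  // resolves even when a route does not pass it explicitly.
  res.locals.csrfToken = req.session.csrfToken;
  next();
}

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Verify step: state-changing requests must echo the session's token in _csrf.
function csrfVerify(req, res, next) {
  if (SAFE_METHODS.has(req.method)) return next();
  const expected = Buffer.from(String(req.session.csrfToken || ""));
  const supplied = Buffer.from(String((req.body && req.body._csrf) || ""));
  const ok =
    expected.length > 0 &&
    expected.length === supplied.length &&
    crypto.timingSafeEqual(expected, supplied); // constant-time comparison
  if (!ok) {
    const err = new Error("invalid csrf token");
    err.status = 403;
    return next(err);
  }
  next();
}

// Constructed request/response stand-ins so the flow runs without a server.
function simulate(method, session, body) {
  const req = { method, session, body };
  const res = { locals: {} };
  let error = null;
  csrfIssue(req, res, () => csrfVerify(req, res, (e) => { error = e || null; }));
  return { token: res.locals.csrfToken, status: error ? error.status : 200 };
}

const session = {};                         // stands in for req.session from the store
const page = simulate("GET", session, {});  // rendering the form issues the token
console.log(simulate("POST", session, { _csrf: page.token }).status); // 200
console.log(simulate("POST", session, {}).status);                    // 403
```

Because the token lives on the session object, it is persisted by whatever store express-session is configured with, with no separate storage code.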



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
