'Session Lost using nodejs express, cors, express-session

Working on a backend using nodejs, express, express-session, cors & cookie-parser to communicate with a react app that use axios to send http request, and using mariadb for the database.

Using both of them on localhost (3000 front end, 3001 backend) work fine, session is correctly saved and can be retrieved / used (I just pass the user data).

When deploying the backend on either local network or an EC2 instance from aws, the req.session return only the parameters set on "cookies" in the app.use(session({}) when called after being set on the login.

app.js:

const express = require('express');
const cors = require('cors');
const session = require('express-session');
const pool = require('./config/database');
const cookieParser = require('cookie-parser');


const app = express();

app.use(express.json());
app.use(cors(
    {
        credentials: true,
        origin: true,
    }
));

app.set('trust proxy', 1)
app.use(cookieParser());


app.use(session({
    secret: 'cat on keyboard',
    saveUninitialized: false,
    resave: false,
    cookie: { httpOnly: false, maxAge: 1000 * 60 * 60 * 24 }
}));

The req.session set

getAccountIdByEmail: async (req, res) => {
// connect & retrieve user from credentials //
 req.session.logged_user = user[0][0];
 return res.status(200).json({ success: user[0][0] })
};

The axios call from react app:

const fetchData = () => {
        if (adress.charAt(0) == '/') {
            adress = endpoint + adress;
        }
        axios({
            method: method,
            url: adress,
            data: content,
            withCredentials: true
        })
            .then((res) => {
                setResponse(res.data);
            })
            .catch((err) => {
                setError(err);
            })
            .finally(() => {
                setloading(false);
            });
    };

At first i thougt it came from Nginx on Aws EC2, but it does the same calling directly on port 3001 of the instance, then i had the same issue on a local network. I've tried also to use a store (express-session-mariadb-store or express-mysql-session), without success. I think it might be tied to cors or headers, but couldn't pinpoint what doesn't work.

node.jsexpresssessioncookies


Solution 1:[1]

I noticed on express-session-npm

there is a disclaimer saying it is only for development and will have memory leaks if deployed in production

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Oss Kell

Related Questions