Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Session Management

See original GitHub issue

##Sessions are only persisting after the user is logged in. While this is typical behavior, where is this decision made in the code? I want to modify it so that the session will be created on user visit and persist on further visits. I am using session-file-store with express-session.

I have also tried saving session objects to the request, but the session will not persist until a user is logged in.

Any help please? If someone could point me to the code where authentication causes the sessionID to persist, that would be very helpful.

Here is the session code I added:

var FileStore = require('session-file-store')(session);

app.use(session({
    name: 'server-session-cookie-id',
    secret: 'random stuff',
    store: new FileStore(),
    saveUninitialized: false,
    resave: false
}));

Issue Analytics

State:
Created 7 years ago
Comments:5

Top GitHub Comments

1reaction

roof12commented, Jun 1, 2016

Dang, right when I am able to recreate what I thought you were experiencing you tell me it works for you. You’ve probably moved on, but I’ll add a little here in case it helps anyone else.

Only API calls will trigger the session creation. It seems that the session is created and saved to the file system correctly. However, when the API call comes from the server, the cookie never makes it to the browser. This is by correct by the design of the application.

If you want server API calls to receive the newly created cookie, you’ll have to make some changes, probably in ApiClient.

0reactions

ExDrcommented, Jun 1, 2016

Closing this. The problem seems to have been resolved by re-installed the node_modules. Thanks for the help.

@roof12 Thank you for the help on this issue.

I have no problem getting the session to save to the sessions directory. My problem is getting the session to persist without a user actually logging in.

Two points:

When a user is logged in, the sessionID persists on further requests. This is expected behavior, the application only cares about the session for the logged in user name, like you say.
When a user is not logged in, the sessionID does not persist (but I want it to). On further requests, a new sessionID is produced even if information is saved to the session object (why does this happen?)

In api/actions/login.js, a user is saved to the sessions object. When I duplicate this code in another API endpoint, the sessionID does not persist. Why would this be? I want the sessionID to persist on page visit, but how?

Top Results From Across the Web

Session Management Cheat Sheet

The session management implementation defines the exchange mechanism that will be used between the user and the web application to share and continuously ......

Session Management: An Overview | SecureCoding.com

Session management manages sessions between the web application and the users. The communication between a web browser and a website is ...

Application Session Management in Web Technology

Session management refers to the process of securely handling multiple requests to a web-based application or service from a single user or entity....

Session Management in HTTP: How does it work?

Session management is used to facilitate secure interactions between a user and some service or application and applies to a sequence of ...

Session Management

Sticky sessions, also known as session affinity, allow you to route a site user to the particular web server that is managing that...