Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Can't set manual sessionID

See original GitHub issue

Similar to #148, I’m can’t seem to set a manual sessionID. Setting it in signedCookies like seems to be the solution doesn’t seem to work:

app
  .use(function(req, res, next) {
    if(req.query.sessionID) {
      req.signedCookies["connect.sid"] = req.query.sessionID;
    }
    next();
  })
  .use(session({
    httpOnly: false,
    secret: 'secret',
    resave: false,
    saveUninitialized: true
  })
  .get('/session', function(req, res) {
    console.log('sessionID:', req.sessionID);
    req.session.tmp = req.session.tmp + 1 || 0;
    req.session.save();
    res.send('session: ' + req.session.tmp);
  })

When I hit http://localhost:3000/session?sessionID=42 a couple of times, the counter goes up. When I hit that exact same url in a different browser I expect it to pick up the count from the session, but it does not.

An observation: The log for req.sessionID is not what I gave to the query string, so I guess it’s initialising its own sessionID instead.

I’ve also tried a custom genid like so:

  .use(session({
    httpOnly: false,
    secret: 'secret42',
    resave: false,
    saveUninitialized: true,
    genid: function(req) {
     return req.query.sessionID || uuid.v1();
   }
  })

This seemed like a cleaner solution anyway, but it also doesn’t work for me. It sets the sessionID correctly for the first hit, but it won’t update it for requests with a different sessionID.

Any help on this would be great!

Issue Analytics

State:
Created 8 years ago
Reactions:4
Comments:17 (7 by maintainers)

Top GitHub Comments

4reactions

em92commented, Jun 4, 2018

Middleware configuration:

const uid = require("uid-safe").sync;

var middleware = session({
  genid: function(req) {
    if ( (req.session) && (req.session.uid) ) {
      return req.session.uid + "_" + uid(24);
    } else {
      return uid(24);
    }
  }
  secret: config.cookieSecret,
  store: sessionStore,
  resave: false,
  saveUninitialized: false
})

On successfull authentification:

req.session.uid = data.id;
req.session.regenerate(function (err) {
  if (err) throw err;
  req.session.uid = data.id;
  // ...
});

2reactions

mgtttcommented, Apr 12, 2018

really need to set the manual sessionID

Top Results From Across the Web

I can't change PHP session id - Stack Overflow

Try using the session_regenerate_id function: http://php.net/manual/en/function.session-regenerate-id.php.

session_id - Manual - PHP

session_id() is used to get or set the session id for the current session. The constant SID can also be used to retrieve...

Changing the session_id Manually - Amplitude Community

Hey folks,. I am not able to set the session_id manually using the js sdk. Is there any way where i can change...

Manually changing the sessionId / persistent character

If your room is set to autoDispose = false (https://docs.colyseus.io/server/room/#autodispose-boolean) the state is kept, so can keep your character data in.

SearchOptions.SessionId Property (Azure.Search.Documents)

The value used as sessionId cannot start with a '_' character. ... sessionId is used, a best-effort attempt will be made to target...