Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Chrome/FF follow redirect before session is fully saved

See original GitHub issue

Here’s a simple testcase incrementing a counter: https://gist.github.com/antishok/fb3d003d16eb72f672a7cc36401657d9 On chrome I have to refresh after incrementing in order to see the new count.

In response to a request, I write to the session and send a redirect to another page, but the new page is rendered with the old session data, and the changes I just wrote are not visible. The new data appears only after refreshing the page.

This only happens in Chrome, maybe due to an optimization they added that follows a redirect before the redirect response even ended.

I’m using connect-session-knex with postgresql to store my session data. If I use the MemoryStore, or use sqlite3 instead of postgresql, it works fine, but probably only because writing to them is much quicker.

The gist also includes debug logs for the request (one when I tested with chrome, and one with firefox). You can see that for chrome, the new url is fetched before the session has finished saving, and before the redirect response ends. (The logs include a log I manually added in the beginning of express-session’s writeend() function, to indicate when a response actually ends)

Thanks! And thanks to @joepie91 for figuring out where the issue lies

Issue Analytics

State:
Created 7 years ago
Comments:28 (8 by maintainers)

Top GitHub Comments

2reactions

mjquitocommented, Mar 1, 2018

settings of ‘resave’ and ‘saveUninitialized’ may cause race conditions. I configured my app to work with them set to ‘false’ They are true by default. Read document for more detail info. https://www.npmjs.com/package/express-session#saveuninitialized

2reactions

joepie91commented, Sep 11, 2016

Couldn’t this be avoided by adding req.session.save() right after line#30

Yes, it could, but this would be a leaky abstraction and a footgun.

but I feel like buffering the entire request and waiting for a full write for anyone who redirects isn’t exactly good performance wise either

I understand the concerns, but this would not be any different when calling save manually - you still have to wait for the session save to complete before writing the header. Since express-session already short-circuits when there’s no modified session data to save, a patch in express-session for redirects would not incur a performance penalty.

especially since you currently can strategically place the force saves.

That’s a workaround, not a fix.

Top Results From Across the Web

Why is session variable not being saved after redirect in ...

In Firefox, the session variable is saved and retrievable after the redirect but in Chrome, after redirect, it says it doesn't exist.

How can I make Chrome stop caching redirects? - Super User

Google Chrome will cache your 301 redirects. To get around this, and to keep the tabs open, you'll just need to clear your...

Detect and get rid of unwanted sneaky mobile redirects

When implemented properly, these user-centric modifications can be understood very well by Google. The situation is similar when it comes to mobile-only ...

Use Chrome Browser with Roaming User Profiles

The file can also be stored in %ONEDRIVE%/Google/Chrome by changing the roaming profile location to OneDrive. If you change or redirect the location...

How to Troubleshoot Browser Content Redirection

To support whitelisted websites that navigate away to a 3 rd -party site for authentication before redirecting back to the whitelisted site, configure...