Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

In Express Session Every Time new session id is generated on ajax call

See original GitHub issue

I am Using expression-session and express-mysql-session for storing in database but on every ajax returns new session id.For more info calling from http only.This issue is not coming when i disable security of browser.``

My Code is

var express = require('express');
var mysql = require('mysql');
var jwt = require('jsonwebtoken');
var session=require('express-session');
var MySQLStore = require('express-mysql-session')(session);

var options = {
    host: 'localhost',// Host name for database connection.
    port: 3306,// Port number for database connection.
    user: 'root',// Database user.
    password: '',// Password for the above database user.
    database: 'node',// Database name.
    checkExpirationInterval: 900000,// How frequently expired sessions will be cleared; milliseconds.
    expiration: 1512671400000,// The maximum age of a valid session; milliseconds.
    createDatabaseTable: true,// Whether or not to create the sessions database table, if one does not already exist.
    connectionLimit: 10,// Number of connections when creating a connection pool
    schema: {
        tableName: 'sessions',
        columnNames: {
            session_id: 'session_id',
            expires: 'expires',
            data: 'data'
        }
    }
};

var connection = mysql.createConnection(options); // or mysql.createPool(options);
var sessionStore = new MySQLStore({}/* session store options */, connection);
var router = express.Router();

router.use(session({
    name: 'session_cookie_name',
    secret: 'session_cookie_secret',
    store: sessionStore,
    resave: false,
    saveUninitialized: true,
    cookie: { path: '/', httpOnly: false, secure: false, maxAge: 365 * 24 * 60 * 60 * 1000 }
}));

router.get('/session', function(req, res, next) {
    res.setHeader("Access-Control-Allow-Origin", "*");
    res.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    res.send(req.sessionID);
});

Issue Analytics

State:
Created 6 years ago
Comments:18 (10 by maintainers)

Top GitHub Comments

2reactions

ottiscommented, Jun 15, 2018

Actually (for my situation at least) I’ve come across a solution for this right after I posted lol updated below:

fetch('/api/test', {
  credentials: "same-origin"
})
  .then(resp => resp.json())
  .then(res => {
    console.log(res);
  });

So (with fetch at least) it doesn’t send cookies by default, you need to set credentials to “same-origin”. This kicks the express-session into gear to use the correct session for the request. @brijeshIOGit / @ricfernandes not sure if this helps? Maybe double check the request is actually sending the HTTP cookie header.

0reactions

dougwilsoncommented, Nov 4, 2018

Thanks @ottis ! I’m going to close this since we have a solution 🎉