Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Race condition: `store.get()` called before `session.save()` is complete
See original GitHub issueSometimes, when a user signs into my app, they are registered as not being logged in. I’ve narrowed it down to what seems to be a race condition in this library.
The tl;dr is that the .save() function is called from the index.js file of this library, initiating the process of saving the session to the DB. However, the middleware continues on its way, calling .get() before the session has saved. Therefore, it doesn’t find the session, and doesn’t set it to req.session.
This leads Passport downstream to think that the user isn’t authenticated. When the user refreshes, typically the save has finished at that time, and they are now logged in.
Has anyone encountered this before?
I’m using this with Passport and simple-pg-connect for persisting the session to the DB, but every other piece to the puzzle seems to be working correctly except for this one (at least, from what I can gather).
The project that this is going in is open source. The middleware is being configured here:
https://github.com/jmeas/finance-app/blob/google-sign-in/server/app.js
and the Passport configuration can be seen here:
https://github.com/jmeas/finance-app/blob/google-sign-in/server/utils/configure-passport.js
Issue Analytics
- State:
- Created 7 years ago
- Reactions:1
- Comments:10 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
The behavior I am taking about should be in your code. When you are setting properties on re.session in your code, are you then calling res.redirect() or some other method to respond? What about the logout method, how are you actually responding yo the user, with a redirect?
If you are responding with a redirect, many web browsers will redirect before they even finish receiving the response. You can see if this is the case for you be not calling res.redirect until after the session has saved in your login routine. Example:
The code you linked to is too complex for me to see on my phone and understand. Can you provide a case where this happens that does not use passport to rule out passport as the cause? Please link to a reproduction case. If you think you have found an issue,by all means, please feel free to provide pull request with a fix! Be sure to include a test that demonstrates the issue that failed without your change and passes with it 😃
If you are doing a redirect on the login process, that can cause this in certain web browsers that perform the redirect before they even finish receiving the response. You can see if this is the case for you be not calling res.redirect until after the session has saved in your login routine. Example: