Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Sharing session store between multiple session instances doesn't work
See original GitHub issueIn my code I’ve two session instances with different cookie options (domain, path). Those two express-session instances share same RedisStore with different cookie options. However it does not seem to matter which express-session instance is used, the later instantiated cookie options will be applied.
To be concrete, I wrote test case to show what I expected the results would be, but currently this test case fails:
it('should use own session opts with shared store', function(done){
// The beef: sharing same store instance. Replace with null and the test will pass
var store = new session.MemoryStore()
var app = express()
.use('/path1', createSession({store, cookie: { path: '/path1' }}))
.use('/path2', createSession({store, cookie: { path: '/path2' }}))
.use(function(req, res, next){
res.end()
})
request(app)
.get('/path2')
.expect(shouldSetCookieWithAttributeAndValue('connect.sid', 'Path', '/path2'))
.expect(200, function (err, res) {
if (err) return done(err)
request(app)
.get('/path1')
.expect(shouldSetCookieWithAttributeAndValue('connect.sid', 'Path', '/path1'))
.expect(200, done)
})
})
Should it work if one store is shared between multiple session/cookie options? Or is this just wrong usage?
Issue Analytics
- State:
- Created 6 years ago
- Reactions:2
- Comments:10 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@tvainika are you using
connect-redis? Regardless, some stores will allow you to share the same connection with all of your different Store instances.For
connect-redisI believe the option is calledclienthttps://github.com/tj/connect-redis#optionsI am trying to accomplish this as well, using multiple session strategies alongside multiple authentication strategies, in order to propagate authentication from a main host (mydomain.com) to all configured subdomains underneath that host (x.mydomain.com, y.mydomain.com). I want to provide a single login destination (login.mydomain.com or mydomain.com/login) and then have user permissions defined for each subdomain to determine the level of access to be awarded to the user upon login. My plan is to have cookies store the user’s session in the browser, and for Redis to store the logged in users’ session information (and JWT) for all of the subdomains. Then, when a user visits x.mydomain.com after having logged into login.mydomain.com they will have a cookie set storing their session for x.mydomain.com.
I have isolated my redis session store to use the path /sessions and for cookies to operate on all other routes, but I am still not able to achieve the desired functionality.
I see that people are still trying to work around this, but is there any intention to patch this behavior in express-session? @joewagner @dougwilson