Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
why session lost some parameter when I get req.session again
See original GitHub issueHi, I use express-session into my project in login module, which is testing now. We integrated this project in 4 different computer. it’s good working in 3 of them. but the other has a problem: the session lost some info when I try to detect session from request again
this server can regenerate session as well as got all session parameters in first request, but when this server try to detect session by new request, it lost some parameter
scenario is:
- User login the platform via /login2platform The router will check the req.query, regenerate session, and redirect to homepage (/) This time, we can get session completely.
- Then, we refresh this page or go to another page(/productManagement), we found server lost req.session.accesstoken.
how can I fix this problem?
and the follow is my code:
= =[app.js]= =
app.use(session(
{
name: 'om.connect.sid',
secret: 'omsystem power by LIOU"s team',
saveUninitialized: false,
resave: false
}
));
= =[pagecontroller.js]= =
var express = require('express'),
router = express.Router(),
restAuth = require('./restAPI/auth.js'),
restUser = require('./restAPI/user.js');
router.get('/login2platform', restAuth.loginValidation, function(req, res, next) {
return res.redirect('/');
});
router.get('/', restUser.userValidation, function(req, res, next) {
res.render('reportManage', { title: 'SJM System' });
});
router.get('/productManagement', restUser.userValidation, function(req, res, next) {
res.render('productManagement', { title: 'SJM System' });
});
= =[auth.js] = =
loginValidation = function(req, res, next){
var wrongURL = properties.get('wrong.url');
if(!(req.query.hasOwnProperty('clientID') && req.query.hasOwnProperty('accesstoken') && req.query.hasOwnProperty('expiry'))){
return res.redirect(wrongURL);
}
req.session.regenerate(function(err) {
if(err){
console.warn(colors.red(err));
return res.redirect(wrongURL);
}
req.session.userID = req.query.clientID;
req.session.accesstoken = req.query.accesstoken;
req.session.cookie.expires = new Date(Date.now() + Number(req.query.expiry));
res.locals.isLegal = true;
return next();
});
};
= =user.js= =
userValidation = function(req, res, next){
var wrongURL = properties.get('wrong.url');
if(req.session.hasOwnProperty('userID') && req.session.hasOwnProperty('accesstoken')){ return next(); }
return res.redirect(pentaURL);
};
Issue Analytics
- State:
- Created 6 years ago
- Reactions:1
- Comments:6 (2 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@kirankashalkar @dougwilson
thanks for your suggestion. I adjust the login flow to avoid this problem
here is what I do: To change /login2platform to a page url from a rest API and call login API while page render via front-end. then, change redirect comment into location.href.
Although, I resolve the login flow, I still no idea why session lost info after res.redirect. It seems a legacy problem, not only appear in nodejs, but php, ASP.net… (maybe?)
I also found some related article that suggest DO NOT REDIRECT AFTER SESSION SETTING, so here is the reason why I change the design way.
Thanks for the follow up !