Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Session not set immediately after login

See original GitHub issue

I’m using this library with express-session, passport, and the Passport Google OAuth2.0 lib. When the user approves of logging in and gets redirected, req.user is not set (nor, say, req.session.passport.user). I send this info over to the client, so that they know who is logged in. Because it isn’t sent, the client believes that the user has not logged in, and redirects them back to the login page. If the user then refreshes that page, things are set at that time, and they are considered logged in.

The cookie is set, but the presence of the cookie isn’t very reliable. For instance, when they’re logged out, the cookie currently sticks around.

I set this app by following this example, using the in-memory session. The user was set immediately on being redirected. When I refactored to add in this lib, it no longer worked the same way.

Is this an issue anyone else has run into before? I’ve tried switching around the resave and saveUnitialized options to see if those would affect this, but with no luck.

The code is pretty awful – I’m trying to get it to work before refactoring – but you can see the configuration here.

Results of the investigation:

  • It’s also lagging behind when the user gets logged out. After hitting the /logout endpoint, they’re sent the user info until they refresh. Update: calling req.session.destroy explicitly fixed this. Full code at the end of this post.
  • Switching to pg rather than pg-promise did not solve the issue
  • Switching from multiple to a single process didn’t fix it either
Logout code

Simply calling req.logout() wasn’t working. Explicitly calling req.session.destroy(), on the other hand, forces the session to be destroyed 100% of the time.

app.get('/logout', (req, res) => {
  req.logout();
  req.session.destroy(function (err) {
    res.redirect('/login');
  });
});

Issue Analytics

  • State:closed
  • Created 7 years ago
  • Comments:22 (2 by maintainers)

github_iconTop GitHub Comments

21reactions
jamespleasecommented, Jul 5, 2016

For me, the issue turned out that Chrome doesn’t wait for the whole response before redirecting. So express-session’s attempt to save to the DB wasn’t completed before the new request began. You can force it to wait by delaying the call to the redirect until you’re sure that the session is saved. In my app, this looked like:

app.get('/auth/google/callback', passport.authenticate('google', redirects),
  function(req, res) {
    // Explicitly save the session before redirecting!
    req.session.save(() => {
      res.redirect('/success');
    })
  });
1reaction
jdposthumacommented, Jul 4, 2016

Will send example tomorrow.

On Monday, July 4, 2016, James, please notifications@github.com wrote:

@jdposthuma https://github.com/jdposthuma just tried that – didn’t work for me. I placed it between app.use(session({ … })) and app.use(passport.initialize(). Do you have an example app anywhere showing how you’ve configured it?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/voxpelli/node-connect-pg-simple/issues/31#issuecomment-230357314, or mute the thread https://github.com/notifications/unsubscribe/AOfspAtIiut9nDtVyxxH4HrQHRf59cyoks5qSX89gaJpZM4ISiZ1 .

Jason Posthuma Developer 303-210-4525

Read more comments on GitHub >

github_iconTop Results From Across the Web

Session not being passed first time on log in - Stack Overflow
1. Try going to mysite.com/subfolder/partner_login.php and logging in then try going to mysite.com/subfolder/partner_login.php and login and see if one works ...
Read more >
Troubleshooting Session Manager - AWS Documentation
Problem 1: You want to start a session on the Start a session console page, but a managed node isn't in the list....
Read more >
Is mutating the session possible? · Issue #371 - GitHub
I don't see a way to update data in the session after login. ... and the response is not 'saved' anywhere, just returned...
Read more >
Express session middleware
Forces a session that is “uninitialized” to be saved to the store. A session is uninitialized when it is new but not modified....
Read more >
How to Use Sessions and Session Variables in PHP - Code
A user opens the login page of a website. · After submitting the login form, a server on the other end authenticates the...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

pg-promise

Next page

error: relation "session" does not exist