req.session in express-session not persisting

RobKohr picture RobKohr · Jan 28, 2016 · Viewed 15.9k times · Source

I have the following code:

var express = require('express');
var cookieParser = require('cookie-parser');
var http = require('http')
var app = express();
app.use(cookieParser());
var session = require('express-session');
app.use(session({
    resave: false,
    saveUninitialized: true,
    secret: 'sdlfjljrowuroweu',
    cookie: { secure: true }
}));

app.get('/test', test);
function test(req, res) {
    var sess = req.session;
    console.log('before', sess);
    if (sess.views) {
        sess.views++
        req.session.save();
        res.setHeader('Content-Type', 'text/html')
        res.write('<p>views: ' + sess.views + '</p>')
        res.write('<p>expires in: ' + (sess.cookie.maxAge / 1000) + 's</p>')
        res.end();
    } else {
        sess.views = 1;
        req.session.save();
        res.end('welcome to the session demo. refresh!')
    }
    console.log('after', sess);
    return;
}

var server = http.createServer(app);
server.listen(8181);

And reloading the page, I just keep getting the view count 0 message.

Checking the console, this is the output every time:

before { cookie: 
   { path: '/',
     _expires: null,
     originalMaxAge: null,
     httpOnly: true,
     secure: true } }
after { cookie: 
   { path: '/',
     _expires: null,
     originalMaxAge: null,
     httpOnly: true,
     secure: true },
  views: 1 }

So it doesn't seem to be saving at all

Answer

doron aviguy picture doron aviguy · Jan 28, 2016

Change cookie: { secure: true }to cookie: { secure: false }

using secure flag means that the cookie will be set on Https only.