Express session sometimes loses the session without logout [mobile app] - node.js

I used express-session for my Node.js application with these options:

    app.use(
      session({
        secret: "mysecret",
        resave: true,
        saveUninitialized: true,
        store: new MongoStore({ mongooseConnection: mongoose.connection }),
        cookie: {
          httpOnly: false,
          expires: new Date(253402300000000)
        }
      })
    );

and sometimes when I update the mobile app due to changes, the session gets lost and I have to log out and log in again.

Related

Res header contains set Cookie but browser isn't storing it

I'm using express-session to store session cookie. I can see Set-Cookie connect.ssid under the response header but for some reason it is not getting stored in the cookie.
I'm wondering if this is a CORS issue. My app file looks like this. Should I change something here to make it work?

    const express = require('express');
    const cors = require('cors');
    const session = require('express-session');
    const config = require('config');
    var MemoryStore = require('memorystore')(session);

    module.exports = function (app) {
      // app.use(
      //   session({
      //     secret: 'key sign',
      //     resave: false,
      //     saveUninitialized: false
      //   })
      // );
      app.use(express.json());
      app.use(cors({ credentials: true }));
      app.set('trust proxy', 1);
      app.use(
        session({
          saveUninitialized: false,
          cookie: { maxAge: 86400000 },
          store: new MemoryStore({
            checkPeriod: 86400000
          }),
          resave: false,
          // Second `cookie` key: in an object literal the later key replaces
          // the earlier one, so the maxAge set above is not applied.
          cookie: { secure: false },
          secret: config.get('sessionStorage')
        })
      );
      app.use('/api/users', users);
    };

Here is how I fixed this.
Add SSL to both frontend and backend.
If it is self-signed, ensure the browser trusts it. For example, if you're using a Mac, go to Keychain, select the specific certificate and select the always trust option.
Restart the system. Only then will SSL be properly set; otherwise there would still be an insecure badge in the navigation.

Express session create new session every request

I have been searching a lot and haven't found a solution.
When I send a request in Postman everything goes well,
but in my React app every request I send gets a new session and I lose my user info (using Passport).
Here is my backend session configuration:

    app.use(cors({
      credentials: true,
      origin: 'http://localhost:3000',
      methods: ['GET', 'POST', 'DELETE', 'PUT'],
    }));

    // SESSION CONFIGURATION
    const sessionStore = new MongoStore({
      mongooseConnection: connection,
      collection: 'sessions'
    });
    const sessionConfig = {
      store: sessionStore,
      secret: process.env.SESSION_SECRET,
      resave: false,
      saveUninitialized: true,
      cookie: { maxAge: 3600000, httpOnly: true, secure: false }
    };
    app.use(session(sessionConfig));

Here is my axios configuration (frontend):

    const instance = axios.create({
      baseURL: 'http://127.0.0.1:5000/',
      withCredentials: true
    });

I'm really exhausted by this problem and need some help. Thanks in advance.
UPDATED
The problem is not solved, but I see that my client side doesn't store any cookie in the browser, and I get the cookie in the auth response.

What is the best time to set MaxAge for my cookies in my REST Api

What is the conventional time to set (MaxAge) for my cookies in my REST API? I am using the connect-mongo package to save the session in my MongoDB. How do I destroy or delete the session from my MongoDB once the user has logged out?
The setup for my cookie is:

    app.use(session({
      secret: 'secret',
      resave: false,
      saveUninitialized: true,
      store: new MongoStore({
        mongooseConnection: mongoose.connection
      }),
      cookie: {
        maxAge: 60000 * 30
      }
    }));

And for the authentication I am using Passport.

Default path for SQLite Store - Node.js

    app.use(session({
      store: new SQLiteStore,
      secret: "xxxxxx",
      saveUninitialized: false,
      cookie: { maxAge: 60000 },
      rolling: true,
      resave: true
    }));

By default a new file with sessions named "sessions" is created in the root directory. How do I change the default path?

    var session = require('express-session');
    var SQLiteStore = require('connect-sqlite3')(session);
    app.use(session({
      store: new SQLiteStore({dir: './db/', db: 'sessions'}),
      ...

NodeJS: Different session without www

I have the same problem as these questions, but in Node.js:
different session with url's with-www and without-www
Same URL without www different session
If I write domain.com, it is a different session than www.domain.com ... Why?
Is it because of some domain rule?
I share my cookie configuration in Express here:

    app.use(session({
      saveUninitialized: true,
      resave: true,
      secret: config.sessionSecret,
      cookie: {
        maxAge: 15778476000,
        httpOnly: true,
        secure: false
      },
      key: 'sessionId',
      store: new mongoStore({
        db: db.connection.db,
        collection: config.sessionCollection
      })
    }));

Thank you!
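
As an added example (not part of the original question and not express-session code), the following models the RFC 6265 rules a browser applies when storing and sending a cookie, showing why a session cookie issued without a `Domain` attribute, as in the configuration above, is treated as separate on domain.com and www.domain.com. The helper names and the sample `Set-Cookie` values are constructed for illustration, and the public-suffix checks real browsers also apply are omitted.

```javascript
// Added example: RFC 6265 cookie scoping modelled in plain JavaScript.
// Helper names are hypothetical; header values below are constructed samples.

// RFC 6265 5.1.3: true when `host` equals `domain` or is a subdomain of it.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

// RFC 6265 5.3: how a browser scopes a cookie received from `requestHost`.
// Returns null when the Domain attribute does not cover the sending host.
function storeCookie(setCookie, requestHost) {
  const [pair, ...attrs] = setCookie.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    hostOnly: true, // no Domain attribute: exact host only
    domain: requestHost.toLowerCase(),
  };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=');
    if (key.trim().toLowerCase() !== 'domain' || !val) continue;
    const d = val.trim().replace(/^\./, '').toLowerCase();
    if (!domainMatch(requestHost, d)) return null;
    cookie.hostOnly = false; // Domain attribute: host and its subdomains
    cookie.domain = d;
  }
  return cookie;
}

// RFC 6265 5.4: is the stored cookie attached to a request for `host`?
function isSentTo(cookie, host) {
  if (!cookie) return false;
  host = host.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// No Domain attribute (as in the question's configuration): host-only cookie.
const hostOnly = storeCookie('sessionId=s%3Aconstructed; Path=/; HttpOnly', 'domain.com');
// Domain attribute present (emitted when express-session's cookie.domain is set).
const shared = storeCookie('sessionId=s%3Aconstructed; Domain=domain.com; Path=/; HttpOnly', 'domain.com');

console.log(isSentTo(hostOnly, 'www.domain.com')); // false
console.log(isSentTo(shared, 'www.domain.com')); // true
```

Setting `cookie.domain` widens the cookie to every subdomain, so each of them receives the session identifier; redirecting all traffic to one canonical host keeps the cookie host-only.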
