I have the same problem as in these questions, but in Node.js:
different session with url's with-www and without-www
Same URL without www different session
If I open domain.com I get a different session than on www.domain.com ... Why?
Is it because of some domain rule?
I share here my cookie in express:
// express-session setup from the question. No `cookie.domain` is given, so the
// browser stores a host-only cookie: a cookie set by www.domain.com is not sent
// to domain.com (and vice versa), which is why each hostname gets its own session.
// Redirecting to one canonical hostname keeps the cookie host-only; setting
// `cookie.domain` instead shares the cookie with every subdomain of that domain.
const hostSessionOptions = {
  // Persists a session for every visitor, including ones that never log in.
  saveUninitialized: true,
  resave: true,
  secret: config.sessionSecret,
  cookie: {
    maxAge: 15778476000, // milliseconds, roughly six months
    httpOnly: true, // not readable through document.cookie
    secure: false, // NOTE(review): the session cookie also travels over plain HTTP
  },
  key: 'sessionId', // cookie name (`key` is the older spelling of `name`)
  store: new mongoStore({
    db: db.connection.db,
    collection: config.sessionCollection,
  }),
};

app.use(session(hostSessionOptions));
Thank you!
The problem shows up on the paid server, or when I change the server's default domain to my own domain.
That's My Code:
// Security-header and body-parsing middleware, registered in the order shown;
// Express runs middleware in registration order.

// Content-Security-Policy.
// NOTE(review): this object mixes option styles. Current helmet releases read
// the source lists from `directives`; confirm that the top-level keys
// (defaultSrc, scriptSrc, styleSrc, connectSrc, reportUri, safari5, ...) are
// honoured by the installed helmet version rather than silently ignored.
app.use(helmet.contentSecurityPolicy({
useDefaults: true,
defaultSrc: ["'self'"],
directives: directives,
scriptSrc: scriptSources,
scriptSrcElem: scriptSources,
styleSrc: styleSources,
contentTypes: contentTypes,
connectSrc: connectSources,
reportUri: "/report-violation",
// false = enforce the policy instead of only reporting violations.
reportOnly: false,
safari5: false,
}));
// presumably the `nocache` middleware (disables client-side caching) — defined outside this snippet.
app.use(noCache());
// X-Content-Type-Options: nosniff
app.use(helmet.noSniff());
// X-XSS-Protection header (the value sent depends on the helmet version).
app.use(helmet.xssFilter());
app.use(helmet.referrerPolicy({ policy: 'strict-origin-when-cross-origin' }));
// Parses application/x-www-form-urlencoded bodies; `extended: true` allows nested objects.
app.use(bodyParser.urlencoded({ extended:
true }));
app.use(express.json());
// presumably express-device; `device` is defined outside this snippet.
app.use(device.capture({ parseUserAgent: true
}));
// Stops Express from advertising itself in the X-Powered-By response header.
app.disable('x-powered-by');
// X-Frame-Options (clickjacking protection).
app.use(helmet.frameguard());
app.use(helmet.ieNoOpen());
// Strict-Transport-Security: browsers that see this header refuse plain HTTP
// for the host and, with includeSubDomains, for all of its subdomains.
// NOTE(review): the unit of maxAge differs between helmet generations (older
// releases took milliseconds, current ones take seconds), and `force` is an
// option of the older API — confirm against the installed version.
app.use(helmet.hsts({
maxAge: 3600000,
includeSubDomains: true,
force: true,
}));
// express-session parses the Cookie header on its own, so cookie-parser is not
// required for sessions; it is called here without a secret.
app.use(cookieParser());
// Session middleware from the question: works on localhost, but no session
// survives the login redirect once the app runs under the real domain.
const deployedSessionOptions = {
  // A fresh random cookie name is produced every time this file is evaluated.
  // NOTE(review): after a restart, or across several app instances, cookies
  // issued under a previous name are no longer looked up — confirm this is intended.
  name: uuidv4(),
  // NOTE(review): `SERET` looks like a misspelling of SECRET; make sure an
  // environment variable with exactly this name is set in production.
  secret: process.env.SERET,
  resave: true,
  cookie: {
    sameSite: true, // `true` is emitted as SameSite=Strict
    // A Secure cookie is only issued on connections the app recognises as
    // HTTPS. Behind a TLS-terminating reverse proxy the app sees plain HTTP
    // unless Express "trust proxy" or the session `proxy` option is enabled,
    // and then no Set-Cookie header is sent at all.
    secure: true,
    maxAge: 3600000, // one hour, in milliseconds
  },
  saveUninitialized: false,
  store: MongoStore.create({
    mongoUrl: process.env.dburl, // MongoDB connection URL
    ttl: 24 * 60 * 60, // one day, in seconds
    autoRemove: 'native',
  }),
};

app.use(session(deployedSessionOptions));
// Response compression for everything registered after this point.
app.use(compression());
// Passport setup. passport.session() restores the logged-in user from the
// session, so it depends on the session middleware registered earlier.
app.use(passport.initialize());
app.use(passport.session());
// Flash messages are kept in the session as well (presumably connect-flash).
app.use(flash());
When I click Login, it redirects me to the login page, but without any session.
Note: It's Working So Fine On Localhost!.
Please Help.
Best Regards,
Raqeeb Al-Nakib
I solved the problem by changing the session config as follows:
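// Session configuration that fixed the "no session after login" problem on the
// deployed server. The snippet as posted was missing the closing `);` of
// app.use(...); it is balanced here.
app.use(session({
  // Random cookie name, regenerated each time this file is evaluated.
  // NOTE(review): cookies issued before a restart (or by another instance)
  // carry a different name and are not looked up — confirm this is intended.
  name: uuidv4(),
  // NOTE(review): `SERET` looks like a misspelling of SECRET; make sure an
  // environment variable with exactly this name is set.
  secret: process.env.SERET,
  resave: false,
  // Set this to true: express-session then trusts the X-Forwarded-Proto header
  // when deciding whether the connection is secure. Enable it only when the
  // app really sits behind a reverse proxy that sets this header itself;
  // otherwise a client could supply the header.
  proxy: true,
  cookie: {
    sameSite: true, // emitted as SameSite=Strict
    // Set this to true: the cookie is only sent over HTTPS. It is only issued
    // when the request is seen as secure, which is what `proxy: true` enables
    // behind a TLS-terminating proxy.
    secure: true,
    httpOnly: true, // not readable through document.cookie
    maxAge: 3600000, // one hour, in milliseconds
  },
  saveUninitialized: false,
  store: MongoStore.create({
    mongoUrl: process.env.dburl, // MongoDB connection URL
    ttl: 24 * 60 * 60, // one day, in seconds
    autoRemove: 'native',
  }),
}));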
I have searched a lot and haven't found a solution.
When I send requests in Postman everything goes well,
but in my React app every request I send gets a new session and I lose my user info (using Passport).
Here is my backend session configuration:
// CORS policy for the API. `credentials: true` allows the browser to attach
// cookies to cross-origin requests, which is why a single explicit origin is
// listed rather than a wildcard.
// NOTE(review): the allowed origin uses the host `localhost`, while the axios
// client on this page calls `127.0.0.1`. Browsers treat these as different
// hosts, so the API calls are cross-site; a session cookie without
// `SameSite=None; Secure` is likely withheld from such requests, which would
// produce a new session on every call. Using one hostname on both sides avoids this.
const corsOptions = {
  credentials: true,
  origin: 'http://localhost:3000',
  methods: ['GET', 'POST', 'DELETE', 'PUT'],
};

app.use(cors(corsOptions));
// SESSION CONFIGURATION
// Sessions are persisted in the `sessions` collection through the existing
// mongoose connection.
const sessionStore = new MongoStore({
  mongooseConnection: connection,
  collection: 'sessions',
});

// Cookie attributes for the session id.
const sessionCookieOptions = {
  maxAge: 3600000, // one hour, in milliseconds
  httpOnly: true, // not readable through document.cookie
  secure: false, // NOTE(review): acceptable for local HTTP only; use true behind HTTPS
};

const sessionConfig = {
  store: sessionStore,
  secret: process.env.SESSION_SECRET,
  resave: false,
  // Saves a session (and sets a cookie) for every request, logged in or not.
  saveUninitialized: true,
  cookie: sessionCookieOptions,
};

app.use(session(sessionConfig));
Here is my axios configuration (frontend):
// Shared axios client for the React app.
// `withCredentials: true` asks the browser to send and accept cookies on
// cross-origin requests; the server must answer with matching CORS headers.
// NOTE(review): the base URL uses `127.0.0.1` while the CORS origin on this
// page is `localhost` — different hosts from the browser's point of view.
const apiClientConfig = {
  baseURL: 'http://127.0.0.1:5000/',
  withCredentials: true,
};

const instance = axios.create(apiClientConfig);
I am really exhausted by this problem and need some help. Thanks in advance.
UPDATED
The problem is not solved, but I see that my client side doesn't store any cookie in the browser, even though I get the cookie in the auth response.
What is a conventional value for maxAge for the cookies in my REST API? I am using the connect-mongo package to save the session in MongoDB; how do I destroy or delete the session from MongoDB once the user has logged out?
The setup for my cookie is
// Session setup for the REST API, stored in MongoDB through connect-mongo.
// express-session exposes req.session.destroy(callback), which asks the store
// to delete the session record; calling it on logout removes the document.
const restSessionOptions = {
  // NOTE(review): hard-coded placeholder. Anyone who knows the secret can sign
  // session cookies; load a long random value from the environment or a
  // secret store instead of committing it.
  secret: 'secret',
  resave: false,
  // Saves a session for every visitor, including ones that never log in.
  saveUninitialized: true,
  store: new MongoStore({
    mongooseConnection: mongoose.connection,
  }),
  cookie: {
    maxAge: 60000 * 30, // 30 minutes, in milliseconds
  },
};

app.use(session(restSessionOptions));
And for authentication I am using Passport.
I used express-session for my Node.js application with these options
// Session setup used by the mobile app backend.
const mobileSessionOptions = {
  // NOTE(review): hard-coded secret; anyone who can read the source can sign
  // session cookies. Load it from the environment or a secret store.
  secret: "mysecret",
  resave: true,
  saveUninitialized: true,
  store: new MongoStore({ mongooseConnection: mongoose.connection }),
  cookie: {
    // NOTE(review): with httpOnly disabled, scripts running in the page can
    // read the session cookie, so any XSS can steal the session.
    httpOnly: false,
    // Millisecond timestamp near the end of year 9999: the cookie effectively
    // never expires, so a leaked session id stays valid indefinitely.
    expires: new Date(253402300000000),
  },
};

app.use(session(mobileSessionOptions));
Sometimes, when I update the mobile app because of changes, the session gets lost and I have to log out and log in again.
// Session setup backed by connect-sqlite3 with the store's default options.
// The session database is a file on disk; keep it outside any statically
// served directory and readable only by the application user.
const sqliteSessionOptions = {
  store: new SQLiteStore(),
  // Redacted placeholder in the post; the real value belongs in the
  // environment or a secret store, not in source control.
  secret: "xxxxxx",
  saveUninitialized: false,
  cookie: { maxAge: 60000 }, // one minute, in milliseconds
  rolling: true, // the expiry is renewed on every response
  resave: true,
};

app.use(session(sqliteSessionOptions));
By default, a new session file named "sessions" is created in the root directory. How can I change the default path?
var session = require('express-session');
var SQLiteStore = require('connect-sqlite3')(session);
app.use(session({
store: new SQLiteStore({dir:'./db/', db: 'sessions'}),
...