NodeJS: Different session without www - node.js

I have the same problem as in these questions, but in Node.js:
different session with url's with-www and without-www
Same URL without www different session
If I open domain.com, I get a different session than on www.domain.com. Why?
Is it because of some domain rule?
I share here my cookie in express:
// Session middleware (express-session) backed by a MongoDB store.
// No `domain` is set in the cookie options, so the browser treats the session
// cookie as host-only: a cookie issued by domain.com is not sent to
// www.domain.com (and vice versa), and each host gets its own session.
// Sharing one session needs either `cookie.domain` set to the parent domain
// or a redirect that sends every visitor to a single canonical host.
app.use(
  session({
    key: 'sessionId',
    secret: config.sessionSecret,
    resave: true,
    // A session and its cookie are created even for visitors who never log in.
    saveUninitialized: true,
    store: new mongoStore({
      db: db.connection.db,
      collection: config.sessionCollection,
    }),
    cookie: {
      // Page scripts cannot read the cookie through document.cookie.
      httpOnly: true,
      // NOTE(review): with `secure: false` the session cookie is also sent over
      // plain HTTP; switch to true once the site is served over HTTPS only.
      secure: false,
      // Milliseconds; roughly six months.
      maxAge: 15778476000,
    },
  })
);
Thank you!

Related

NodeJS Session & Passport.session() Not Save A Session On Live Server

The problem shows up on the paid server, or when I change the server's default domain to my own domain.
This is my code:
// Express middleware chain: security headers, body parsing, session, passport.
// The order of these app.use() calls is the order in which they run per request.

// Content-Security-Policy header via helmet.
// NOTE(review): besides `useDefaults`, `directives` and `reportOnly`, several
// directive-like keys (defaultSrc, scriptSrc, styleSrc, connectSrc, reportUri, ...)
// are passed at the top level of the options object. Presumably they were meant
// to live inside `directives`; confirm against the installed helmet version that
// they take effect, otherwise the policy is only what `directives` contains.
app.use(helmet.contentSecurityPolicy({
useDefaults: true,
defaultSrc: ["'self'"],
directives: directives,
scriptSrc: scriptSources,
scriptSrcElem: scriptSources,
styleSrc: styleSources,
contentTypes: contentTypes,
connectSrc: connectSources,
reportUri: "/report-violation",
reportOnly: false,
safari5: false,
}));
app.use(noCache());
app.use(helmet.noSniff());
app.use(helmet.xssFilter());
app.use(helmet.referrerPolicy({ policy: 'strict-origin-when-cross-origin' }));
app.use(bodyParser.urlencoded({ extended:
true }));
app.use(express.json());
app.use(device.capture({ parseUserAgent: true
}));
app.disable('x-powered-by');
app.use(helmet.frameguard());
app.use(helmet.ieNoOpen());
// NOTE(review): helmet documents the HSTS maxAge in seconds, while the session
// cookie maxAge further down is in milliseconds; confirm 3600000 is intended here.
app.use(helmet.hsts({
maxAge: 3600000,
includeSubDomains: true,
force: true,
}));
app.use(cookieParser());
app.use(
session({
// uuidv4() is evaluated once, when this options object is built, so the cookie
// name is different on every process start (and on every instance when several
// run side by side). Cookies issued under a previous name are then ignored.
name: uuidv4(),
// NOTE(review): the variable is spelled SERET; confirm it matches the name
// actually defined in the server environment.
secret: process.env.SERET,
resave: true,
cookie: {
// express-session maps `true` to SameSite=Strict.
sameSite: true,
// express-session only issues a `secure` cookie when it considers the connection
// HTTPS. Behind a reverse proxy that terminates TLS this needs `proxy: true`
// here or Express's "trust proxy" setting; without it no session cookie is set.
// No `proxy` option is set in this block.
secure: true,
// Milliseconds (one hour).
maxAge: 3600000,
},
saveUninitialized: false,
store: MongoStore.create({
mongoUrl: process.env.dburl,
//MONGODB URL
// Seconds (one day).
ttl: 24 * 60 * 60,
autoRemove: 'native'
}),
})
);
app.use(compression());
// passport.session() is registered after session(), which it depends on.
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());
When I click Login, it redirects me to the login page, but without any session.
Note: it works fine on localhost.
Please help.
Best Regards,
Raqeeb Al-Nakib
I solved the problem by changing the session config as follows:
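// Session configuration from the answer, with the app.use( call closed properly
// (the snippet as posted was missing its final ");").
app.use(
  session({
    // NOTE(review): uuidv4() runs once when this object is built, so the cookie
    // name changes on every process start and differs between instances;
    // cookies issued under an earlier name are no longer recognised. A fixed
    // name avoids that.
    name: uuidv4(),
    // NOTE(review): the variable is spelled SERET; confirm it matches the name
    // actually defined in the server environment.
    secret: process.env.SERET,
    resave: false,
    // Set this to true: tells express-session to trust the proxy's
    // X-Forwarded-Proto header when deciding whether the connection is HTTPS,
    // which it needs in order to issue a `secure` cookie behind a
    // TLS-terminating reverse proxy.
    proxy: true,
    cookie: {
      // express-session maps `true` to SameSite=Strict.
      sameSite: true,
      // Set this to true: the cookie is only sent over HTTPS.
      secure: true,
      // Page scripts cannot read the cookie through document.cookie.
      httpOnly: true,
      // Milliseconds (one hour).
      maxAge: 3600000,
    },
    saveUninitialized: false,
    store: MongoStore.create({
      mongoUrl: process.env.dburl, // MongoDB URL
      ttl: 24 * 60 * 60, // seconds (one day)
      autoRemove: 'native',
    }),
  })
);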

Express session create new session every request

I have been searching a lot and have not found a solution.
When I send the request in Postman, everything goes well,
but in my React app every request I send gets a new session and I lose my user info (using Passport).
Here is my backend session configuration:
// CORS: allow credentialed requests from the React dev server only.
// NOTE(review): the allowed origin is http://localhost:3000, while the axios
// client on this page calls http://127.0.0.1:5000/. "localhost" and
// "127.0.0.1" are different hosts to the browser, so these requests are
// cross-site. A cookie without SameSite=None (which in turn requires Secure)
// is presumably not attached to them, which would give a new session on every
// request. Postman does not apply these browser rules. Using the same host
// name on both sides keeps the requests same-site.
app.use(
  cors({
    origin: 'http://localhost:3000',
    credentials: true,
    methods: ['GET', 'POST', 'DELETE', 'PUT'],
  })
);

// SESSION CONFIGURATION
const sessionStore = new MongoStore({
  mongooseConnection: connection,
  collection: 'sessions',
});

const sessionConfig = {
  store: sessionStore,
  secret: process.env.SESSION_SECRET,
  resave: false,
  // A session and its cookie are created even for requests that never log in.
  saveUninitialized: true,
  cookie: {
    maxAge: 3600000, // milliseconds (one hour)
    httpOnly: true, // not readable from page scripts
    // NOTE(review): acceptable for plain-HTTP local development only; the
    // cookie must be `secure: true` wherever the site is served over HTTPS.
    secure: false,
  },
};

app.use(session(sessionConfig));
Here is my axios configuration (frontend):
// Shared axios client for the backend API.
const instance = axios.create({
  // Include cookies on cross-origin requests and accept the ones the API sets.
  withCredentials: true,
  // NOTE(review): this host (127.0.0.1) differs from the "localhost" origin the
  // backend's CORS config allows; the browser treats the two as separate sites.
  baseURL: 'http://127.0.0.1:5000/',
});
I am really exhausted by this problem and need some help. Thanks in advance.
UPDATED
The problem is not solved, but I see that my client side does not store any cookie in the browser, even though I get the cookie in the auth response.

What is the best time to set MaxAge for my cookies in my REST Api

What is a conventional value for maxAge for the cookies in my REST API? I am using the connect-mongo package to save the session in my MongoDB. How do I destroy or delete the session from MongoDB once the user has logged out?
The setup for my cookie is:
// Session middleware with sessions persisted through the mongoose connection.
// On logout, calling req.session.destroy(callback) removes the session from
// the store.
app.use(
  session({
    // NOTE(review): a hard-coded, guessable secret lets anyone who knows it
    // forge signed session cookies; load a long random value from the
    // environment or a secret store instead.
    secret: 'secret',
    resave: false,
    // A session and its cookie are created even for visitors who never log in.
    saveUninitialized: true,
    store: new MongoStore({
      mongooseConnection: mongoose.connection,
    }),
    cookie: {
      // Milliseconds: 30 minutes. No httpOnly/secure/sameSite values are set
      // here, so the library defaults apply.
      maxAge: 30 * 60 * 1000,
    },
  })
);
For authentication I am using Passport.

Express session sometime lost the session without logout [mobile app]

I used express-session for my Node.js application with these options
// Session middleware for the mobile app backend, stored via mongoose.
app.use(
  session({
    // NOTE(review): a hard-coded secret in source lets anyone who reads the
    // code forge signed session cookies; load it from the environment instead.
    secret: "mysecret",
    resave: true,
    // A session and its cookie are created even for clients that never log in.
    saveUninitialized: true,
    store: new MongoStore({
      mongooseConnection: mongoose.connection,
    }),
    cookie: {
      // NOTE(review): with httpOnly disabled, any script running in the client
      // can read the session cookie, so an XSS flaw is enough to steal it.
      httpOnly: false,
      // Fixed expiry date near the end of year 9999, i.e. the cookie is
      // effectively permanent; a leaked cookie stays usable until the session
      // is deleted from the store.
      expires: new Date(253402300000000),
    },
  })
);
Sometimes, when I update the mobile app after making changes, the session gets lost and I have to log out and log in again.

Default path for SQLite Store - Node.js

// Session middleware using the SQLite store with its default options, so the
// database file is created wherever the store's defaults point.
app.use(
  session({
    store: new SQLiteStore(),
    // NOTE(review): "xxxxxx" looks like a redacted placeholder; the real value
    // should be a long random secret kept out of source control.
    secret: "xxxxxx",
    saveUninitialized: false,
    resave: true,
    // With `rolling`, the cookie's expiry is reset on every response.
    rolling: true,
    cookie: {
      maxAge: 60000, // milliseconds (one minute)
    },
  })
);
By default, a new file named "sessions" holding the sessions is created in the root directory. How can I change the default path?
var session = require('express-session');
var SQLiteStore = require('connect-sqlite3')(session);
// `dir` is the directory that holds the SQLite file and `db` is the file name,
// so the sessions are stored under ./db/ instead of the project root.
// NOTE(review): keep that directory out of anything served as static files and
// out of version control; the file contains live session data.
app.use(session({
store: new SQLiteStore({dir:'./db/', db: 'sessions'}),
...
