NodeJS login in Chrome 17.x - global sessions/cookie issue

[Akira]

I'm doing simple authorization with NodeJS using mongodb. The problem
is Chrome on my work computer doesnt't want to get cookes from my Node-
app. We use Google Chrome 17.0.963.56. Same thing goes with Opera/FF.
Bug founded on Windows XP Professional x64 Edition Version 2003
Service Pack 2. Detailed source I use can be found at this topic:
http://stackoverflow.com/questions/11103842/nodejs-mongodb-redis-register-and-login-sessions-issue

I thought there is something wrong with my code, so I've tried
Passport module for NodeJS. [https://github.com/jaredhanson/passport-
local][2] The result is the same. I've shot a small video,
demonstrating what's going on when I try to login at my own and
Passport-based website. The same issue: http://youtu.be/ezkku8wfqWg

Interesting, that there are no problems with the same code, when I
access it from my Mac, ubuntu, Windows 7, other computers from
network. However, default browser on my chief's android tablet also
doesn't want to login with the same symptoms. Here is the server I've
launched for testing with passport-local system:

http://50.57.164.170:3000

as you may see on video, I can't login. Test credentials are bob/
secret.
I've tried this code on several computers, deployed on Rackspace
clouds, Linode clouds, set up private physical webserver in out
corporate network - no luck. Chrome on x64 and Android can't login.
The problem exists: besides login is correct, POST request is
starring, it can't store session and place a cookie - the
req.body.session is empty in another function.

I'even re-written auth system on Django-python, everything works
perfect.

Any ideas?

[mscdex]

On Jun 25, 2:58 pm, Akira <ilyarusa...@googlemail.com> wrote:
> http://50.57.164.170:3000

Server is down for me.

> Any ideas?

Have you checked browser cookie settings? Are there different domains/
subdomains being used in the setup?

[Akira]

>>Server is down for me. 

yeah, I've dropped it due to updating to node 0.8, in a few hours it wiil be ok

>>Have you checked browser cookie settings? Are there different domains/ 
subdomains being used in the setup?

Certaily, I've checked Accept cookes on PC and android tablet several times, no other domain are not linked...

понедельник, 25 июня 2012 г., 22:58:34 UTC+4 пользователь Akira написал:

[Jeremy Darling]

Random stab in the dark, but I don't see where you are enforcing encoding.  By default Win XP 64 still uses ASCII or UTF-8 (one or the other can't remember specifically).  You might try forcing encoding on your packets as when they are getting received by the client they are probably running into a UTF transcode issue.

Long theory short, enforce UTF-8 before sending.  If that doesn't work enforce ASCII and try again.

 - Jeremy

--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nod...@googlegroups.com
To unsubscribe from this group, send email to
nodejs+un...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en

[Ilya Rusanen]

Do you mean I should specify encoding in the page html-code <meta http-equiv='Content-Type' content='Type=text/html; charset=utf-8'> 

or somewhere on the backend? I should mention, most of site content is in russian (UTF-8 is prefered), however credentials (login, pass, email) may be only latin.

2012/6/26 Jeremy Darling <jeremy....@gmail.com>

--
With best wishes,

Ilya Rusanen

ilyar...@gmail.com

[Ilya Rusanen]

Sorry, I will be able to start a server with my app for public testnig only ~02:00 PM GMT :(

2012/6/26 Ilya Rusanen <ilyar...@googlemail.com>

[Jeremy Darling]

I'm not completely familiar with how express handles encoding, but when you send over your content make sure you do a toString('utf-8') on it and on your response object headers specify the uft-8 encoding as well.

Something similar to:

    var headers = {

      "Content-Type": "text/html; charset=utf-8"

    }

    res.setEncoding('utf-8');

    res.write(myContent.toString('utf-8');

    res.end();

If UTF-8 doesn't work switch back to ASCII standard (change utf-8 to ascii) and try again.  Also make sure that you have all of the updates put on your XP box.  I know there have been several language updates for it that may be affecting your results with Russian.  If you can get your server up and running again I'll be happy to run my XP64 US-EN install against it to see if it has any problems.

 - Jeremy

[Ilya Rusanen]

Thank you very much, let's try in a few hours. Please, keep in mind I use rather old Chrome 17.x...  so if you have later version on your WinXP64, you may not get such a problem. Also, I've noticed, no browsers on this computer are able to login on this page (Opera, FF and ever IE show the same issue).

It's also strange that the same bug comes on Android tablet with latest updates (both on default browser, and on Opera Mobile).

2012/6/26 Jeremy Darling <jeremy....@gmail.com>

--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nod...@googlegroups.com
To unsubscribe from this group, send email to
nodejs+un...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en

[hasanyasin]

Hey Ilya,

I guess you skipped my message. :) Could you please try it? Encoding is very unlikely to be a problem here since this is all about HTTP Headers. Even if session is not created because of a problem in encoding of cookie values, which is still very unlikely since express uses connect and connect does not put session variables in cookies but uses them only for a session id, you should first be sure that cookie headers are there before investing the encoding of its value.

Good luck,

hasanyasin

[hasanyasin]

typo: investing --> investigating

[Ilya Rusanen]

Hello,

sorry for being so late, just set up my server.

Here is the link: http://184.106.80.211:3000/ try to login with user: bob pass: password 

It would be great if you try to login on WinXP 64bit. Unfortunately,  I didn't try headers solution yet. I'll try it today.

Thanks in advance!

2012/6/26 hasanyasin <hasan...@gmail.com>

typo: investing --> investigating

--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nod...@googlegroups.com
To unsubscribe from this group, send email to
nodejs+un...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en

[hasanyasin]

Hello again Illya,

I have tried the page and it works for me. Cookies are set without any problems. I logged in successfully. However, one thing caught my attention: expiration time. It is 6/26/12 23:18 GMT now and your cookie expiration is set to 27 Jun 2012 03:18 GMT, which leaves only 4 hours before cookie is expired.

It is perfectly okay to set cookies that will expire in 4 hours; unless a client has wrong timezone set. Could you please make sure that the problem clients have the correct time zones set up? If I did not misunderstand your original post, you told that other browser had the same problem on the same OS. So I believe this is probably the reason of your problem.

On systems I develop, I give cookies expiration times for one year. I validate cookies on server side. I do not use connect for cookie and session management since I am always more comfortable doing these things myself.

I hope your problem is solved with this.

[Ilya Rusanen]

Thanks,  hasanyasin,

huh, I didn't ever think about cookies expiration date. Actually I don't specify the exact time for cookies manually, I even don't know why it's set exactly to 4 hours (I may suppose, it may be related with time difference between Moscow and GMT time - 4 hours, but it's just a guess). I'll try to get familiar with express cookies management and check up your solution today, thank you very much!

2012/6/27 hasanyasin <hasan...@gmail.com>

--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nod...@googlegroups.com
To unsubscribe from this group, send email to
nodejs+un...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en

[Ilya Rusanen]

BTW, in express docs found smth like this:

// "Remember me" for 15 minutes 
res.cookie('rememberme', 'yes', { expires: new Date(Date.now() + 900000), httpOnly: true });

Looks like it's what I need. However in my code I don;t use similar ways of setting cookies, it may be set in automatic way or smth like that...

2012/6/27 Ilya Rusanen <ilyar...@googlemail.com>

[Ilya Rusanen]

hasanyasin,

splendid! Worked like a charm! I just used:

    app.use(express.session({

        secret: "meta-meta",

        store: new RedisStore,

cookie: { secure: false, maxAge:86400000 }

    }));

and that gave +1 day for my session. Now it works on every system!

I just don't know how to thank you :) I've given +115 points of my reputation on StackOverflow.com to you :) Couldn't imagine the problem was in sessions

Thanks again!

2012/6/27 Ilya Rusanen <ilyar...@googlemail.com>

[hasanyasin]

I am glad it worked. :)

Thank you for the stackexchange gift. My reputation was 1 and I was not writing anything there since I was not allowed to comment. Now I can. Thank you! :D