req.session working locally but not on a server

[Masiar]

Hi, I have this server which stores sessions. Basically when I login I
store some information about the user that logged in so that I can
check if the user is logged in or not and display different pages. My
problem is that locally everything works perfectly, while the same
exact server online doesn't store the session variables. It seems like
even if I login, in the subsequent request it's like I'm not logged
in.

Any clue? Thanks a lot

[C. Mundi]

How (where) is the session data stored?  And if the answer is "local store" (memory or persistent) then are requests always mapped to the same server?

--
You received this message because you are subscribed to the Google Groups "Express" group.
To post to this group, send email to expre...@googlegroups.com.
To unsubscribe from this group, send email to express-js+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/express-js?hl=en.

[tjholowaychuk]

usually when people have this issue it's related to the server's date and cookies

[Masiar]

Thanks, so I have to check the server's date right? How should I check
server's cookies?

[Masiar]

They are stored in the req.session.user variable. The requests are
always mapped to the same server.

On Mar 13, 12:30 am, "C. Mundi" <cmu...@gmail.com> wrote:
> How (where) is the session data stored?  And if the answer is "local store"
> (memory or persistent) then are requests always mapped to the same server?

[C. Mundi]

TJ has already mentioned timekeeping.  And I'm assuming that you are using the same client in both cases, so it should be accepting and saving the session cookie in both cases, but you might check anyway.  It's a good puzzle.  Please post the answer when you find it.

[Masiar]

Yep, I confirm that I'm using the same client in both cases. And I
just checked the date of the server, it corresponds to the date on my
machine (the server is located in the place where I live), so it's not
a date issue.
How do I check server cookies (mentioning what TJ said)?

Masiar

On Mar 13, 2:04 am, "C. Mundi" <cmu...@gmail.com> wrote:
> TJ has already mentioned timekeeping.  And I'm assuming that you are using
> the same client in both cases, so it should be accepting and saving the
> session cookie in both cases, but you might check anyway.  It's a good
> puzzle.  Please post the answer when you find it.

[Masiar]

Meanwhile I tried again locally and online and I confirm that locally
the same exact code is working while online is not.

[Masiar]

Big news. I tried on another server (nodester) and cookies seems to
work fine there (it keeps me logged in). So, it seems like a server
issue. I don't really know what to check there, so, sorry if it's not
an express-related question, but I guess you know better than me what
the hell is going on: what should i do on the server to make my app
work (that is, keeps me logged in)? It surely is some setup thingy
that I don't really know.
Thanks and sorry for the out-of-topic question.

[C. Mundi]

That's strange.  I've used a variety of servers for node... Windows, AWS EC2, Linode, etc.  If you don't mind... What hosting service (if any) and what OS/machine image was not working for you?  I'm not trying to call anyone out, but I (and presumaby others on this lust) would not want to go through what you did.  I'm glad you found something that works!

[Masiar]

On Mar 14, 6:10 pm, "C. Mundi" <cmu...@gmail.com> wrote:
> That's strange.  I've used a variety of servers for node... Windows, AWS
> EC2, Linode, etc.  If you don't mind... What hosting service (if any) and
> what OS/machine image was not working for you?  I'm not trying to call
> anyone out, but I (and presumaby others on this lust) would not want to go
> through what you did.  I'm glad you found something that works!

I'm glad i found something working too, but I just needed that to test
if my application was working online. What I need is to work on that
particular server, because it's very powerful and I have to stress
test my app. The machine runs a Ubuntu Server 64 bit, 11.04.

[Masiar]

If only TJ could specify what he meant with "server cookies" (since
date is ok) I may check asap and see if that's the problem. I believe
that the problem are indeed server's cookies since on the other server
my app works fine. But I NEED to work on this machine and I haven't
got so much time left. It's for my thesis.

[C. Mundi]

Interesting.  My production servers are running Ubuntu 11.04.

[C. Mundi]

I get the idea that TJ is super busy and may not realize that what's obvious to experienced web developers may be a mystery to us.

I'm not ashamed to say that cookies confuse me sometimes.  Maybe you could post a small example we could narrow down where to look.  I think fundamentally, there are three questions: is the session cookie being sent to client?  Is session cookie being stored by client? Is client sending session cookie back to server intact?

[Michael "Kato" Wulf]

Also, I'd recommend the following:

If you inspect the cookies in your browser, does the domain for the cookie exactly match the domain in the browser's address bar? That one has bitten me more times than I care to count.

--
Michael Wulf

775-235-8398

web site | contact

[Masiar]

I don't know how to post you an example since is not a problem of the
code itself but of the server. In the "working" server, where sessions
are stored both if I access from the browser and from the chrome
extension (via popup) I checked the headers and the set-cookie header
is present. Same goes for the server that doesn't keep my session. The
only difference is that this server keeps the session in the browser,
but not in the chrome extension popup (that is, if I open the chrome
popup I see the login page, I login and i'm logged. I close the popup
and re-open it again and again I see the login page; this doesn't
happen in the "working" server).

Michael: I'm going to do some checking on the domain just right now,
I'll let you know as soon as possible.

On Mar 15, 4:45 pm, "C. Mundi" <cmu...@gmail.com> wrote:
> I get the idea that TJ is super busy and may not realize that what's
> obvious to experienced web developers may be a mystery to us.
>
> I'm not ashamed to say that cookies confuse me sometimes.  Maybe you could
> post a small example we could narrow down where to look.  I think
> fundamentally, there are three questions: is the session cookie being sent
> to client?  Is session cookie being stored by client? Is client sending
> session cookie back to server intact?

[Masiar]

I've checked the headers that are sent when I login. The domain (you
mean requested url and host?) is the same as the address bar. Also,
everything else except the cookie itself seems to be similar.

I noticed that when I login on the server that is not working from the
chrome extension popup, as I said it doesn't keep me connected BUT
accessing the webpage after logging in results in automatic login. I
think this means that somehow the chrome extension doesn't like the
host and doesn't store cookies for that. Could it be possible?

On Mar 15, 4:51 pm, "Michael \"Kato\" Wulf" <katow...@gmail.com>
wrote:

> Also, I'd recommend the following:
>
> If you inspect the cookies in your browser, does the domain for the cookie
> exactly match the domain in the browser's address bar? That one has bitten
> me more times than I care to count.
>
>
>
>
>
>
>
>
>
> On Thu, Mar 15, 2012 at 8:45 AM, C. Mundi <cmu...@gmail.com> wrote:
> > I get the idea that TJ is super busy and may not realize that what's
> > obvious to experienced web developers may be a mystery to us.
>
> > I'm not ashamed to say that cookies confuse me sometimes.  Maybe you could
> > post a small example we could narrow down where to look.  I think
> > fundamentally, there are three questions: is the session cookie being sent
> > to client?  Is session cookie being stored by client? Is client sending
> > session cookie back to server intact?

> web site <http://www.michaelwulf.com> |
> contact<http://www.michaelwulf.com/blog/chat-with-wulf>