Hi
I am new to nodejs and web development and I am handling my first project.
Please, I need assistance with keeping a consistent sessionId. Despite my checks online and the documentation that is available online, I observed that each request generates a new sessionId in my app.
I use express-session with a Redis store. When a user logs in, a sessionId is generated in Redis, but when I redirect the user to the dashboard (after a successful login), I realise that a new sessionId is generated in express-session but not in Redis. Hence, it is difficult to track because it is not in Redis. Further requests from the dashboard also generate a new sessionId in express-session and not in Redis.
I would appreciate materials or sample codes on how to solve this challenge.
Thank you,
Femi
================================ CODE EXTRACTS...
----------------- config.json
{
"cokiepy": "secretSign#143_!223",
"cokieName": "sid",
"cokieAge": 120000,
"cokieSecure": "false",
"sessionSecret": "Myllage123$#@",
"redis": {
"host": "localhost",
"port": 6379,
"client": "client",
"ttl": 260
}
}
------------- app.js extract
// Application bootstrap: loads dependencies and configuration, creates the
// Express app and HTTP server, and registers the middleware that has to run
// before the session middleware and the routes.

// NOTE(review): the variable is read as lower-case `port`; environment variable
// names are case-sensitive on Linux/macOS and the usual name is PORT - confirm.
var port = process.env.port || 6400;
var path = require('path');
var redis = require("redis");
var uuid = require('uuid');
var session = require('express-session');
var redisStore = require('connect-redis')(session);
// Created with no arguments, so the client uses the library defaults rather
// than the redis host/port stored in config.json.
var client = redis.createClient();
// Exposes the Redis client to other modules as `rediee.client`.
exports.rediee = {client};
var nconf = require('nconf');
// Loads config.json, which holds the cookie-parser and session signing secrets.
// NOTE(review): secrets in a JSON file should stay out of version control and
// out of any directory that is served statically (see express.static(utilPath)
// below); environment variables or a secret store are the safer source.
nconf.file({ file: './utilities/config/config.json' });
var cookieparser = require('cookie-parser');
var bodyparser = require('body-parser');
// nodemailer and mysql are loaded here but not used anywhere in this extract.
var nodemailer = require('nodemailer');
var mysql = require('mysql');
var express = require('express');
var app = express();
app.set('views', path.join(__dirname, '/views')); // Templates are resolved from <app dir>/views
app.use(express.static(path.join(__dirname,'views/html/css/')));
// indexRouter is loaded but only cMed is mounted in this extract.
var indexRouter = require('./routes/index');
var cMed = require('./routes/cephasIFRS');
app.set('view engine','ejs');
var htmlPath = path.join(__dirname, './views/html');
var utilPath = path.join(__dirname, './utilities');
var http = require('http');
// Plain HTTP server (no TLS) wrapping the Express app.
var server = http.createServer(app);
// cookie-parser is given its own secret ('cokiepy'), different from the session
// secret. express-session (1.5.0 and later) reads the Cookie header itself and
// does not need cookie-parser; its documentation warns that differing secrets
// between the two can cause problems.
app.use(cookieparser(nconf.get('cokiepy')));
// Only JSON request bodies are parsed.
app.use(bodyparser.json());
// NOTE(review): this serves every file under ./utilities over HTTP. The config
// file above is loaded from ./utilities/config/config.json, so if the process
// runs from this directory the signing secrets are presumably downloadable at
// /config/config.json - move the config out of this tree or stop serving it.
app.use(express.static(utilPath));
app.use(express.static(htmlPath));
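// Session middleware backed by Redis.
//
// config.json stores "cokieSecure" as the string "false". Any non-empty string
// is truthy, and express-session treats a truthy cookie.secure as "HTTPS only":
// when the request is not seen as HTTPS it does not send the Set-Cookie header.
// The browser then never holds a session cookie, so every request starts a new
// session with a new id, and only the login request (which modifies the
// session) is written to Redis. Convert the setting to a real boolean here;
// 'auto' is passed through because express-session accepts it.
// In production, serve the app over HTTPS and set the flag to true.
var secureSetting = nconf.get('cokieSecure');
var sessionCookieSecure = secureSetting === 'auto'
  ? 'auto'
  : (secureSetting === true || secureSetting === 'true');

app.use(session({
  // Session ids come from uuid().
  // NOTE(review): confirm that the installed uuid package exposes a callable
  // default export and that it produces random (v4) ids; time-based ids are
  // predictable and must not be used as session ids.
  genid: (req) => {
    return uuid();
  },
  // Secret used to sign the session id cookie.
  secret: nconf.get('sessionSecret'),
  // Cookie name. The original object literal also set `key: 'express.sid'` and
  // `name: nconf.get('cokieName')`, but the later duplicate `name: "id"` was
  // the one that took effect, so that value is kept and the dead entries are
  // removed. A non-default name only hides the default "connect.sid"; it is
  // not a security control in itself.
  name: "id",
  store: new redisStore({
    // NOTE(review): host/port are presumably ignored because an existing
    // client is supplied - confirm against the connect-redis version in use.
    host: nconf.get('redis:host'),
    port: nconf.get('redis:port'),
    client: client,
    // Store TTL (260 in config.json, presumably seconds) is longer than the
    // cookie lifetime below - confirm that this is intended.
    ttl: nconf.get('redis:ttl')
  }),
  cookie: {
    // Not readable from client-side script.
    httpOnly: true,
    secure: sessionCookieSecure,
    // cokieAge is 120000 ms, i.e. 2 minutes.
    maxAge: nconf.get('cokieAge'),
    // true selects strict same-site enforcement.
    sameSite: true
  },
  // Re-issue the cookie (and reset its expiry) on every response. With
  // saveUninitialized: false the cookie is still only set once the session
  // has been modified, e.g. by storing the user on login.
  rolling: true,
  saveUninitialized: false,
  resave: false
}));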
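app.use('/', cMed); // Add catalog routes to middleware chain.

// Redis lifecycle handlers are attached before the server starts listening.
// Registered inside the listen callback, they could miss an event emitted
// earlier, and an 'error' event with no listener would be thrown as an
// uncaught exception.
client.on('ready', function () {
  console.log("Redis is ready");
});
client.on('error', function (err) {
  // Log the error itself so a connection or authentication failure can be diagnosed.
  console.log("Error in Redis", err);
});

//server
server.listen(port, () => {
  console.log(`...app running at port: ${port}`);
  // Startup self-test: write a key and read it back to confirm that the Redis
  // server accepts commands from this client.
  client.set('chk this out', 'H001 is the test', redis.print);
  client.get('chk this out', function (error, result) {
    if (error) {
      console.log(error);
      // Thrown from inside the Redis callback, so it surfaces as an uncaught
      // exception and stops the process.
      throw error;
    }
    console.log('GET result -> ' + result);
  });
});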