Consistent SessionId [Express-Session/Redis]


Femi Ogundele

Jul 25, 2020, 8:09:29 PM
to nodejs
Hi

I am new to nodejs and web development and I am handling my first project.

Please, I need assistance with keeping a consistent sessionId. Despite checking the documentation and other material available online, each request generates a new sessionId in my app.

I use express-session with a Redis store. When a user logs in, a sessionId is generated and stored in Redis. When I redirect the user to the dashboard (after a successful login), I find that a new sessionId has been generated by express-session but not stored in Redis, which makes the session difficult to track. Further requests from the dashboard also generate a new sessionId in express-session and not in Redis.

I would appreciate materials or sample codes on how to solve this challenge.

Thank you,
Femi

================================  CODE EXTRACTS...
-----------------  config..json
{
    "cokiepy": "secretSign#143_!223",
    "cokieName": "sid",
    "cokieAge": 120000,          
    "cokieSecure": "false",
    "sessionSecret": "Myllage123$#@",
    "redis": {
        "host": "localhost",
        "port": 6379,
        "client": "client",
        "ttl": 260
    }    
}

-------------  app.js extract
// Listening port: taken from the environment variable named `port`, falling back to 6400.
// NOTE(review): environment variable names are case-sensitive on POSIX systems and the
// usual convention is upper-case `PORT` — confirm which name the deployment sets.
var port = process.env.port || 6400;

var path = require('path');
var redis = require("redis");
var uuid = require('uuid');
var session = require('express-session');
// connect-redis is initialised with the express-session module and returns the store constructor.
var redisStore = require('connect-redis')(session);
// Created with no options, so the Redis client library's default connection settings apply.
// This same client instance is later handed to the session store.
var client = redis.createClient();

// Expose the shared Redis client to other modules under the `rediee` export.
exports.rediee = {client};

var nconf = require('nconf');
// Load settings from a JSON file given as a relative path.
// NOTE(review): the file shown above keeps the cookie-signing and session secrets in
// plain text. Values that have been posted publicly should be treated as disclosed and
// replaced; prefer supplying secrets through the environment or a file that is kept
// out of version control.
nconf.file({ file: './utilities/config/config.json' });

var cookieparser = require('cookie-parser');
var bodyparser = require('body-parser');
var nodemailer = require('nodemailer');

var mysql = require('mysql');

var express = require('express');
var app = express();
app.set('views', path.join(__dirname, '/views'));          // Templates are looked up under <app dir>/views

// Serve the stylesheet directory from the site root.
app.use(express.static(path.join(__dirname,'views/html/css/')));

// NOTE(review): indexRouter is loaded here but is not mounted anywhere in this extract.
var indexRouter = require('./routes/index');
var cMed = require('./routes/cephasIFRS');  

app.set('view engine','ejs');

var htmlPath = path.join(__dirname, './views/html');
var utilPath = path.join(__dirname, './utilities');

var http = require('http');
var server = http.createServer(app);

// Cookie parsing with signed-cookie support, keyed by the `cokiepy` setting.
// NOTE(review): this secret differs from the one given to express-session. The
// express-session documentation states that cookie-parser is no longer needed for
// sessions (since 1.5.0) and that using it with a different secret may cause issues —
// either use one secret for both or remove cookie-parser if nothing else reads signed cookies.
app.use(cookieparser(nconf.get('cokiepy')));
// Parse JSON request bodies into req.body.
app.use(bodyparser.json());  
// NOTE(review): this serves the whole `utilities` directory as static files, and the
// settings file loaded by nconf is './utilities/config/config.json'. If the process is
// started from this directory, the file holding the cookie and session secrets sits
// inside the served tree and could be fetched by any client. Move the configuration
// outside every static root (or narrow this mount to the sub-directory that really
// needs to be public) and rotate the secrets.
app.use(express.static(utilPath));
app.use(express.static(htmlPath));

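// Session middleware backed by Redis. It is registered before the router below so
// that the router's handlers receive req.session.

// config.json stores `cokieSecure` as the string "false". Any non-empty string is
// truthy, and express-session does not emit the Set-Cookie header for a secure
// cookie on a plain-HTTP request. The browser therefore never received a session
// cookie, and every request was handed a fresh session id. Convert the setting to
// a real boolean; the documented 'auto' value is passed through unchanged.
var secureSetting = nconf.get('cokieSecure');
var sessionCookieSecure = secureSetting === 'auto'
   ? 'auto'
   : (secureSetting === true || secureSetting === 'true');

app.use(session({
   // One random id per new session.
   // NOTE(review): calling the module export directly only works if the installed
   // uuid version exposes a callable default export — confirm, or drop `genid`
   // and rely on express-session's built-in id generator.
   genid: (req) => {
      return uuid();
   },
   // Secret used to sign the session id cookie.
   secret: nconf.get('sessionSecret'),
   // Cookie name. The original object listed `key: 'express.sid'`,
   // `name: nconf.get('cokieName')` and `name: "id"`; with duplicate keys the last
   // one wins and `key` is only a legacy alias for `name`, so "id" was already the
   // effective name and is kept. A generic name avoids advertising the framework.
   name: "id",
   store: new redisStore({
      // NOTE(review): host/port are presumably ignored because an existing client
      // is supplied — confirm against the installed connect-redis version.
      host: nconf.get('redis:host'),
      port: nconf.get('redis:port'),
      client: client,
      ttl: nconf.get('redis:ttl')
   }),
   cookie: {
      httpOnly: true,                  // not readable from page scripts
      // false lets the cookie travel over plain HTTP (local development). Once the
      // site is served over HTTPS set `cokieSecure` to true or "auto"; behind a
      // TLS-terminating proxy Express must also be told to trust the proxy.
      secure: sessionCookieSecure,
      maxAge: nconf.get('cokieAge'),   // milliseconds; 120000 in config.json = 2 minutes
      sameSite: true
   },
   rolling: true,              // refresh the cookie expiry on every response
   saveUninitialized: false,   // a new, unmodified session is not written to the store
   resave: false
}));


app.use('/', cMed);  // Mount the cMed router at the root, after the session middleware.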

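// Redis connection logging. The handlers are attached at load time instead of
// inside the listen callback, so an event emitted before the HTTP server is up is
// not missed.
client.on('ready', function () {
   console.log("Redis is ready");
});

client.on('error', function (err) {
   // Log the error object as well; the bare message gave no clue about the cause.
   console.log("Error in Redis", err);
});

// Start the HTTP server.
server.listen(port, () => {
   console.log(`...app running at port: ${port}`);

   // Startup self-test: write a key and read it back to confirm Redis is usable.
   client.set('chk this out', 'H001 is the test', redis.print);
   client.get('chk this out', function (error, result) {
      if (error) {
         console.log(error);
         // Thrown from an asynchronous callback, so nothing catches it and the
         // process terminates — presumably an intentional fail-fast at startup.
         throw error;
      }
      console.log('GET result ->  ' + result);
   });
});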

luka...@gmail.com

Aug 3, 2020, 5:34:42 PM
to nodejs
Every time you access the "/" route you generate a new sessionId. This means that the route below app.use(session()) will generate new uuid's for the user session.

This does not occur on routes defined above the session definition.

In Express, routes are applied in the order you write them, so it will not generate UUIDs for indexRouter and cMed.