2

I'm having a bit of a nightmare with setting up user sessions in NodeJS. I have googled the life out of it and read a whole host of articles on here but none of the solutions work for me.

My setup:

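    const cookieParser = require('cookie-parser');
    const session = require('express-session');
    const MySQLStore = require('express-mysql-session')(session);

    // `app` (the Express app) and `options` (MySQL connection settings) are defined elsewhere.
    app.use(cookieParser());
    app.use(session({
        pool: true,
        key: 'cgtracker.cookie',
        resave: false,
        saveUninitialized: false,
        secret: '1234567890QWERTY',
        cookie: {maxAge: 100000},
        store: new MySQLStore(options),
    }));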

I am using MySQLStore ('express-mysql-session'). This is linked to my DB and is working as expected. Running this:

    router.post('/Login', function (req, res) {
        logger.log("info", "Attempting Login for user: " + req.body.Username);
        req.session.username = req.body.Username;
        res.send('Created session for: ' + req.body.Username);
    });
Creates an entry in my session table for a session with an expiry.

    | 2gbIWNuFVcE3GmjrFMEctdZlvBMufqiN | 1457713316 | {"cookie":{"originalMaxAge":100000,"expires":"2016-03-11T16:21:55.580Z","httpOnly":true,"path":"/"},"username":"chris.rayner"}

My problem is that I can't retrieve any session in any other function. A simple test here:

    router.get('/', function (req, res) {
        logger.log("info", "Current Session: " + JSON.stringify(req.session));
    });

I receive:

    Current Session: {\"cookie\":{\"originalMaxAge\":100000,\"expires\":\"2016-03-11T16:24:15.212Z\",\"httpOnly\":true,\"path\":\"/\"}}","timestamp":"2016-03-11T16:22:35.212Z"}

Where has my session data gone?!

I feel like I'm missing something obvious, but I have tried so many variations from research I'm becoming a little lost.

My browser cookie is constructed correctly, though the value doesn't seem to correlate to any of the session IDs stored in the session table.

Any help/ideas/suggestions would be very much appreciated!

Chris

Ahmad Aghazadeh
CRayner
  • So, it looks like the problem is a little deeper. Stripping the code back to basics. I cannot create a cookie within a POST request, it is never stored in the browser and thus not available for future requests. Works fine in a GET, but I would like to set this cookie in my Login POST function. – CRayner Mar 14 '16 at 16:49

1 Answer

0

Found the solution!

Chrome (and maybe Firefox, but not tested) by default blocks cookies in POST requests when posting to an "unknown" domain. Some security feature in client-side CORS...

To fix this server side: update CORS with the authorized origin(s) for the browser to check against.

    app.use(cors({
        origin: config.origin, // I am using an array for multiple allowed origins
        credentials: true
    }));

To fix this Client Side: Add this to the options in the POST header for a function.

    xhrFields: { withCredentials: true }

OR

Add this to the Model Constructor for a Class.

    $.ajaxPrefilter(function (options, originalOptions, jqXHR) {
        options.xhrFields = { withCredentials: true };
    });

After this, Cookies made in POST requests successfully "Stick" to the browser and Session functionality is a go!

What a pain! Hope this solution helps somebody else save some time on their project!

CRayner
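The two halves of the fix in the answer above, modelled as an added example that is not part of the original post: the server only grants credentials to an exact allow-listed origin, and the browser only keeps the session cookie when both sides opt in. `ALLOWED_ORIGINS`, `corsHeadersFor` and `browserKeepsCookie` are hypothetical names, and the origins are constructed sample values.

```javascript
// Constructed allow-list; stands in for the config.origin array in the answer.
const ALLOWED_ORIGINS = ['https://app.example.test', 'https://admin.example.test'];

// Server side: choose the CORS response headers for a request's Origin header.
function corsHeadersFor(requestOrigin, allowed = ALLOWED_ORIGINS) {
  const headers = { Vary: 'Origin' }; // response differs per origin, so caches must key on it
  if (typeof requestOrigin !== 'string' || !allowed.includes(requestOrigin)) {
    return headers; // unknown origin: no CORS grant, so no credentials either
  }
  headers['Access-Control-Allow-Origin'] = requestOrigin; // exact echo, never '*'
  headers['Access-Control-Allow-Credentials'] = 'true';
  return headers;
}

// Browser side (simplified model): is a Set-Cookie on a cross-origin XHR
// response stored for later requests?
function browserKeepsCookie(pageOrigin, withCredentials, responseHeaders) {
  if (!withCredentials) return false; // without the flag, cross-origin Set-Cookie is ignored
  const acao = responseHeaders['Access-Control-Allow-Origin'];
  const acac = responseHeaders['Access-Control-Allow-Credentials'];
  // A wildcard origin is rejected for credentialed requests, so compare exactly.
  return acao === pageOrigin && acac === 'true';
}

// Walk through the cases from the question and answer.
function demo() {
  const page = 'https://app.example.test';
  const wildcard = {
    'Access-Control-Allow-Origin': '*',
    'Access-Control-Allow-Credentials': 'true',
  };
  return {
    bothSidesConfigured: browserKeepsCookie(page, true, corsHeadersFor(page)),
    clientFlagMissing: browserKeepsCookie(page, false, corsHeadersFor(page)),
    serverWildcard: browserKeepsCookie(page, true, wildcard),
    originNotAllowed: browserKeepsCookie('https://other.example.test', true,
      corsHeadersFor('https://other.example.test')),
  };
}

console.log(demo());
```

Current browsers also require the session cookie itself to be set with `SameSite=None; Secure` when the page and the API are on different sites.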