0

I'm trying to save the userName of a user in an Express session. It saves the variable in the session, but it returns undefined on the next request to the route. However, the problem is with the POST route only.

With a GET request, I can save a session variable and it doesn't get destroyed on further requests. I think I must be doing something wrong. I tried the save() method for POST, but it still saves only the first time and the next time it has vanished.

Here's the code:

```js
app.use(session({
  secret: 'some secret',
  resave: true,
  saveUninitialized: true,
  cookie: {
    maxAge: 36000000,
    httpOnly: false
  },
}));
```

FOLLOWING GET ROUTE WORKS.

```js
app.get("/test", function(req, res, next){
    if(!req.session.name){
        req.session.name = "vikas kumar";
    } else {
        console.log(req.session.name);
    }
    res.end();
});
```

```js
app.use(function (req, res, next) {
  var userName = req.session.userName;
  // console.log(req.session.userName);
  if(userName && userName != 'undefined'){
    res.send({status: "success", value: userName});
  } else {
    if(req.path == '/checkIfLoggedIn'){
        res.send({status: "error", message: "Session ended."});
    } else {
        next('route');
    }
  }
});
```

FOLLOWING ROUTE SAVES SESSION ONLY ONCE.

```js
app.post('/getProfile', function (req, res, next) {
    console.log("Session", req.session.userName, req.session.name);
    if(typeof req.session.userName != 'undefined'){
        var userName = req.session.userName;
    } else {
        var userName = req.body.userName;
    }
    connectionPool.getConnection(function (err, connection) {
        if (err) {
            res.send({status: "error", message: err});
        } else {
            connection.query("SELECT * FROM cs_chat.users WHERE username=?", [userName], function (err, rows, fields) {
                if(rows.length==1){
                    // console.log(">>>", req.session.userName);
                    req.session.userName = userName;
                    req.session.save();
                    // console.log("<<<", req.session.userName);
                    next();
                }else{
                    res.send({status: "error", message: "Sorry, you're not registered."});
                }
                connection.release();
            });
        }
    });
}, function (req, res) {
    connectionPool.getConnection(function (err, connection) {
        if (err) {
            res.send({status: "error", message: err});
        } else {
            req.session.username = req.body.userName;
            req.session.save();
            connection.query("SELECT usr.username, usr.name, tsn.sender, CASE WHEN tsn.unseen is not null THEN tsn.unseen ELSE 0 END as unseen, tsn.receiver FROM users usr LEFT JOIN (SELECT sender, receiver, SUM(CASE WHEN seen = 0 THEN 1 ELSE 0 END) AS unseen FROM messages WHERE receiver = ? GROUP BY sender , receiver) tsn ON usr.username = tsn.sender where usr.username!=?", [req.body.userName, req.body.userName], function (err, rows, fields) {
                if(rows.length>0){
                    res.send({status: "success", values: rows});
                }else{
                    res.send({status: "success", values: []});
                }
                connection.release();
            });
        }
    });
});
```

Am I doing something wrong?

Vikas
  • Well, in your `POST` request you are not saving the session so that the username can be retrieved from it later in your other restricted routes. See this similar [SO question](https://stackoverflow.com/q/26531143/3521116) – warl0ck Jun 23 '17 at 05:03
  • But I've already written `save()` method? – Vikas Jun 23 '17 at 09:15
  • First of all, can you please tell me why you are using two `function`s when you can do the above in a single function only? Connecting to `connectionPool` will simply increase the response time of the server, and in the first `function(req, res, next)` why are you using `next()`? It's not required. – warl0ck Jun 23 '17 at 10:15
  • And since it's JavaScript, you are checking equality with `==`; instead you should be checking it with `===`. This might be one of the reasons. For example, `if(rows.length==1)` should be `if(rows.length===1)`. – warl0ck Jun 23 '17 at 10:29

1 Answer

0

Since it is JavaScript, you should be checking equality with === instead of ==. For better response time, releasing the connection and then connecting to it again is simply unnecessary: when you have the connection to connectionPool, just query from it twice and then release the connection.

Here is the sample modified app.post() request; this should work:

```js
app.post('/getProfile', function (req, res, next) {
    console.log("Session", req.session.userName, req.session.name);
    var userName = (req.session.userName !== undefined) ? req.session.userName : req.body.userName;

    connectionPool.getConnection(function (err, connection) {
        if (err) {
            return res.send({ status: "error", message: err });
        }
        connection.query("SELECT * FROM cs_chat.users WHERE username=?", [userName], function (err, rows, fields) {
            if (err) {
                connection.release();
                return res.send({ status: "error", message: err });
            }
            if (rows.length !== 1) {
                // Unknown user: release the connection and answer exactly once.
                connection.release();
                return res.send({ status: "error", message: "Sorry, you're not registered." });
            }
            req.session.userName = userName;
            req.session.save();
            // Second query on the same connection, issued only after the first one succeeded.
            connection.query("SELECT usr.username, usr.name, tsn.sender, CASE WHEN tsn.unseen is not null THEN tsn.unseen ELSE 0 END as unseen, tsn.receiver FROM users usr LEFT JOIN (SELECT sender, receiver, SUM(CASE WHEN seen = 0 THEN 1 ELSE 0 END) AS unseen FROM messages WHERE receiver = ? GROUP BY sender , receiver) tsn ON usr.username = tsn.sender where usr.username!=?",
                [req.body.userName, req.body.userName],
                function (err, rows, fields) {
                    // Both queries are done, so the connection can go back to the pool.
                    connection.release();
                    if (err) {
                        return res.send({ status: "error", message: err });
                    }
                    if (rows.length > 0) {
                        res.send({ status: "success", values: rows });
                    } else {
                        res.send({ status: "success", values: [] });
                    }
                });
        });
    });
});
```
warl0ck
  • Not sure if it will completely solve the problem, but this is one of the problems for sure – warl0ck Jun 24 '17 at 14:58
  • During the POST request, can you see the `req.session.userName` in your console output? – warl0ck Jun 25 '17 at 09:58
  • Leave the post, actually it's not even working for the GET request. I've explained my problem here again. Please check: https://stackoverflow.com/questions/44745218/express-session-with-express-mysql-session-not-working-at-all – Vikas Jun 25 '17 at 10:02
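
An added example, not part of the question or the answer: the session settings from the question with the secret and cookie flags tightened, and a helper that stores the user name under one key and waits for the store's save callback before the caller responds. `sessionOptions`, `establishSession`, `fakeRequest`, `USER_KEY` and `SESSION_SECRET` are names assumed here; `regenerate()` and `save(callback)` are express-session session methods.

```javascript
// Added example. SESSION_SECRET is an assumed environment variable name.
function sessionOptions(env) {
  if (!env.SESSION_SECRET) throw new Error('SESSION_SECRET is not set');
  return {
    secret: env.SESSION_SECRET,   // not a literal kept in the source
    resave: false,                // write only when the session changed
    saveUninitialized: false,     // no stored session for anonymous visitors
    cookie: {
      maxAge: 36000000,           // same lifetime as in the question
      httpOnly: true,             // page scripts cannot read the cookie
      sameSite: 'lax',
      secure: env.NODE_ENV === 'production' // HTTPS-only cookie in production
    }
  };
}

// One spelling for the key: the question's second handler writes
// req.session.username, which is a different property from userName.
const USER_KEY = 'userName';

// Hypothetical helper: call it only after the user has been verified.
// It issues a fresh session id, stores the name, and calls done() once
// the store has acknowledged the write.
function establishSession(req, userName, done) {
  req.session.regenerate(function (err) {
    if (err) return done(err);
    req.session[USER_KEY] = userName;
    req.session.save(done);
  });
}

// Constructed stand-in for express-session's req.session (offline use only).
function fakeRequest(store) {
  const req = {};
  let nextId = 1;
  function makeSession() {
    const s = { id: 'sid-' + nextId++ };
    Object.defineProperty(s, 'regenerate', {
      value: function (cb) { req.session = makeSession(); cb(); }
    });
    Object.defineProperty(s, 'save', {
      value: function (cb) { store[s.id] = Object.assign({}, s); cb(); }
    });
    return s;
  }
  req.session = makeSession();
  return req;
}
```

In an Express app the options would be passed as `app.use(session(sessionOptions(process.env)))`, and the route would send its response from inside the `done` callback of `establishSession`.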