0

After a bit of research, I came to the conclusion that I can run multiple instances of Redis on my CentOS server for each NodeJS server I run (I use Redis to store sessions).

I have followed these instructions and both instances are running properly on two different ports.

On my NodeJS servers, I configured Redis as follows:

import * as session from "express-session";

var RedisStore = require('connect-redis')(session);
var redis = require("redis").createClient();

app.use(session(
    {
        secret: secret,
        store: new RedisStore({ host: 'localhost', port: 6379, client: redis }),
        cookie: { maxAge: 12 * 3600000 },
        resave: true, saveUninitialized: true
    }
));

One with port 6379 and the other with 6380.

I use req.session.regenerate to register a session.

Both login systems work perfectly individually. However, when I load anything on one application, the sessions of the other application are deleted (and need to be re-logged in).

What am I missing here?

Nate
  • 7,606
  • 23
  • 72
  • 124

1 Answers1

0

The problem looks like it is the "session store" in Express and not your usage of Redis.

From the express session documentation:

NOTE be careful to generate unique IDs so your sessions do not conflict.

app.use(session({
  genid: function(req) {
    return genuuid() // use UUIDs for session IDs
  },
  secret: 'keyboard cat'
}))

Name: The name of the session ID cookie to set in the response (and read from in the request).

The default value is 'connect.sid'.

Specifically this warning explains your problem:

Note if you have multiple apps running on the same hostname (this is just the name, i.e. localhost or 127.0.0.1; different schemes and ports do not name a different hostname), then you need to separate the session cookies from each other. The simplest method is to simply set different names per app.

adamrights
  • 1,701
  • 1
  • 11
  • 27
  • I have tried to add: `genid:(req)=>{ return uid.sync(18); }` to both applications without success – Nate Mar 12 '19 at 15:42
  • I don't understand your point since Redis stores sessions in two different databases... how would they interfere with each other? – Nate Mar 12 '19 at 15:44
  • I was thinking that your "user" was invalidating its login token due to running on the same hostname and key generating logic. – adamrights Mar 12 '19 at 19:09
  • Got your point but I wrote that it disconnects ALL the sessions of the other application. The problem seems to be with Redis and how nodejs connects to it...but I can't figure out where the problem comes from. Thanks for your effort though! – Nate Mar 13 '19 at 09:25
  • Ah I see. That is very strange. If you want to send a link with a repo that I could run locally I can try and take a closer look. – adamrights Mar 14 '19 at 17:46