0

I am using firestore-store with an express-session to store a cookie for an oauth process. I am adding the session as a middleware layer on the express instance. But I am noticing that a new cookie is generated and stored at every function invocation rather than reading and updating one cookie.

Maybe I am misunderstanding how this should all work: shouldn't there only be one cookie? If each invocation creates a new cookie, how can I retrieve information properly from a cookie in a future invocation?

I have been running this currently with firebase serve --only functions from the terminal and running a local instance. I am not emulating anything but having the sessions stored on the production firebase.

Here is my setup:

const functions = require('firebase-functions');
const admin = require('firebase-admin');
const express = require("express");
const app = express();
const session = require('express-session')
const FirestoreStore = require('firestore-store')(session);

admin.initializeApp({
  credential: admin.credential.cert(<json>),
  databaseURL: 'https://<appUrl>.firebaseio.com'
});

app.set('trust proxy', true)
app.use(cors())
app.use(session({
    store: new FirestoreStore({
         database: admin.firestore(),
    }),
    secret: 'My secret',
    name: '__session',
    resave: true,
    saveUninitialized: true,
    cookie: {maxAge: 60000, secure: false, httpOnly: false}
  }))

var client = etsyjs.client({
  key: process.env.ETSY_KEY,
  secret: process.env.ESTY_SECRET,
  callbackURL: `http://localhost:5000/${process.env.BACKEND_ADDRESS}/authorize`
});

// Etsy oauth
app.get('/register', (req, res) => {
  res.setHeader('Cache-Control', 'private');

  return client.requestToken((err, response) => {
    console.log(response)
    if (err) {
      return console.log(err);
    }

    req.session.cookie.token = response.token;
    req.session.cookie.sec = response.tokenSecret;

    res.status('200').send(response)
  });
});

app.get('/authorize', (req, res) => {
  console.log(req.session) // does not include any information from the registration
  ...
}

I can find the information being stored on Cloud Firestore, but I've noticed the session name ('__session') is not being stored. Is this an indication that something else isn't working properly?

Here is a sample document: session: {"cookie":{"originalMaxAge":60000,"expires":"2020-08-26T20:10:04.337Z","secure":false,"httpOnly":false,"path":"/"}}

EndersJeesh
  • 427
  • 1
  • 4
  • 20
  • Hello, I was checking this and I believe that this could be a duplicated, please could you check this question in order to confirm that this is not answered at this other [post](https://stackoverflow.com/questions/44929653/firebase-cloud-function-wont-store-cookie-named-other-than-session)? – Luis Manuel Aug 27 '20 at 18:54
  • Thanks @LuisManuel. I double-checked and had seen that post before and had already attempted to do what it is saying to do. But the code I had provided didn't show that; so I just updated my question to include that code. I'm not sure if I'm particularly doing it correctly, but you'll see me editing the `res` in the `/register` endpoint. – EndersJeesh Aug 27 '20 at 21:28

1 Answers1

0

Okay this is now all working. There were a few things that made it work.

  1. I included credentials in the backend call so that now looks like this:
return await fetch(url, {
    method: 'GET',
    headers: {
      'Content-Type': 'application/json',
    },
    credentials: 'include',
  }).then(...)
  1. I added credentials to the cors settings server-side. So that now looks like this:
var corsOptions = {
  credentials: true,
  origin: true
}

app.use(cors(corsOptions))
  1. These still hadn't fully fixed the issue. What did ultimately solve the problem is that I cleared my cache from my browser. I believe this is the thing that really solved the issue! Definitely painful how long it took to try this simple thing.
EndersJeesh
  • 427
  • 1
  • 4
  • 20