I've started to add express-session to my express server app. I've managed to get persistent sessions, but now I've noticed that for different tabs and even different instances/windows of Chrome I'm getting the same session id.

Only by starting an incognito session am I getting a different session id, but then it in fact differs on every reload, which is again surprising to me.

So how does express actually tell different requests from one another?

I'm working in a dev setup with an angular client (http://localhost:4200) making requests to my express server sitting on http://localhost:3000. This is my api setup:

    this.app.use(
      cors({
        credentials: true,
        origin: 'http://localhost:4200',
      })
    );
    this.app.use(
      session({
        secret: "Don't tell anyone!",
        resave: false,
        saveUninitialized: true,
        cookie: {
          sameSite: 'none',
          secure: true,
        },
      })
    );

and the client request is:

    return this.httpClient
      .get<T>(`${this.baseUrl}/api/resource/table`, {
        params: query,
        withCredentials: true,
      })

So maybe in the real world it would behave differently. But that's something I cannot test. So I would be happy about some deeper insight on how this works under the hood.

Actually I was hoping to get a different session for every different tab, or in general for every client/browser that is accessing my api. Can this even be done?

DonFuchs
  • It sets a cookie. Cookies are shared between tabs – Konrad Aug 27 '23 at 21:53
  • There are good explanations [here](https://stackoverflow.com/questions/5522020/how-do-sessions-work-in-express-js-with-node-js) with numerous linked explanations to read within that posted question. See [here](https://stackoverflow.com/questions/23566555/whats-the-difference-between-express-session-and-cookie-session) too. – jQueeny Aug 27 '23 at 22:50
  • Thx. But this answers only how it's working on the express side. Nothing about how those cookies are handled in the browser. – DonFuchs Aug 28 '23 at 04:40
  • Is it correct to say that exactly the `SessionOptions` passed to `session()` are telling the browser how on different requests he shall set different cookies? – DonFuchs Aug 28 '23 at 05:05
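
How a cookie-backed session is matched to a request, as an added model that is not part of the question or of express-session's own code: `handle`, `Profile` and `demo` are hypothetical names, a counter stands in for the random session ID, and cookie signing is left out. It shows that tabs of one browser profile share a cookie jar and so a session, that a separate profile gets its own, and that with `cookie.secure` set no cookie is issued over plain HTTP (documented express-session behaviour), so every request starts a new session.

```javascript
// Model only: a counter stands in for the random ID a real session store issues.
let nextId = 1;
const store = new Map(); // server-side session store: sid -> session data

// Server side: find the session named by the Cookie header, or create one.
function handle(req, opts) {
  const m = /(?:^|;\s*)connect\.sid=([^;]+)/.exec(req.cookie || '');
  let sid = m && store.has(m[1]) ? m[1] : null;
  let setCookie = null;
  if (!sid) {
    sid = 'sid-' + nextId++;
    store.set(sid, {});
    // With cookie.secure set, the session cookie is only sent back on a
    // connection the server considers secure; over plain HTTP it is skipped.
    if (!opts.secure || req.secure) setCookie = 'connect.sid=' + sid;
  }
  return { sid, setCookie };
}

// Browser side: one cookie jar per profile. Every tab and window of that
// profile sends the same jar; a private window is a separate profile.
class Profile {
  constructor() { this.jar = ''; }
  request(opts, overTls) {
    const res = handle({ cookie: this.jar, secure: overTls }, opts);
    if (res.setCookie) this.jar = res.setCookie; // store what the server set
    return res.sid;
  }
}

function demo() {
  const opts = { secure: true };          // same flag as in the question
  const normal = new Profile();
  const tabA = normal.request(opts, true); // first tab, HTTPS
  const tabB = normal.request(opts, true); // second tab, same profile
  const priv = new Profile().request(opts, true); // private window
  const plain = new Profile();             // same options, plain HTTP
  const first = plain.request(opts, false);
  const reload = plain.request(opts, false);
  return { tabA, tabB, priv, first, reload };
}

console.log(demo());
```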
