"null" Session Id when using RedisBackend and InMemoryBackend

[Grustamli]

Session ID is shown as null when I use RedisBackend. It is also same for InMemoryBackend. However, Cookie backend works fine.

[Grustamli]

The issue seems to arise on this line:

starsessions/starsessions/middleware.py

Line 46 in 6bd258a

session_id = connection.cookies.get(self.session_cookie, None)

I am using Fastapi, btw.

[alex-oleshkevich]

can you share a code example for more context?

[Grustamli]

Please see below.

app = FastAPI()
app.include_router(router) # Simple API router

app.add_middleware(SessionMiddleware, backend=RedisBackend(settings.redis_url), autoload=True)

I checked the generate_id() function and it is working as intended. However, as I posted above self.session_cookie returns null

[Grustamli]

Sorrry not the self.session_cookie but connection.cookies.get(self.session_cookie, None) returns null.

[alex-oleshkevich]

Also attach an example of your view function where you call this code.

The session id will be generated by the session middleware if empty. This happens when response is being sent.

[Grustamli]

This is the only view where I write to the session.

@router.post("/password/request", status_code=status.HTTP_202_ACCEPTED)
async def reset_request(
    request: Request,
    background_tasks: BackgroundTasks,
    email: str = Body(..., embed=True),
):
    otp = generate_otp()
    otp_expires_at = dt.datetime.now() + dt.timedelta(seconds=settings.otp_valid_for)

    request.session[SESSION_KEY_OTP] = otp
    request.session[SESSION_KEY_OTP_EXPIRES_AT] = otp_expires_at.timestamp()

    background_tasks.add_task(email_otp, email, otp)

[alex-oleshkevich]

Looks like that is all fine. The session ID will be generated once the response is sent and will be available on the next request.
In the browser's dev tools, do you see a random string in place of the "session" cookie or just None?

[Grustamli]

When I use CookieBackend I see session key and value. However, in any of the other backends cookie is returned empty. I use Insomnia to test it.
It should generate an ID on first write but when I debug the RedisBackend, session ID is saved as an actual string with a "null" value. This is because of the line I posted above where connection.cookies.get(self.session_cookie, None) picks null string value from an empty cookie. Could you please check it on your side, too?

[alex-oleshkevich]

yes, sure. thanks for report.

[alex-oleshkevich]

1. can you also make sure that is it not related to Starlette 0.15.0 breaks SessionMiddleware by adding ASGI Path for Subroutes using Mount encode/starlette#1261 ?
2. run examples/redis.py locally on a different port, goto /set, and check if the cookie is set.

I tested locally and all works fine.

When I use CookieBackend I see session key and value

CookieBackend is different. The ID here is encrypted cookie content so it is always available.

[Grustamli]

I will check and report back. Thank you!

[Grustamli]

After checking on a different machine, RedisBackend works fine. Session ID is set as expected. Now, I have to investigate why it didn't work before. Sorry for bothering )