You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am trying to share sessions between an Express server and a PHP server using Redis. However, I am having difficulty sharing sessions due to cookie issues.
When Express creates a cookie for the session ID, it appends the string s: and an hmac to the session ID. On the other hand, PHP only stores the session ID in the cookie.
Is there a way to prevent Express from appending s: or hmac to the session ID in the session configuration? Why are s: and hmac necessary in the cookie?
It has been a while since I have looked at that package, but IIRC those are added using secure cookies and the point is so the middleware can know it should and then check the it's integrity. I would recommend using just one things to create and manage sessions, so maybe you could have the php side make an api request to validate the session and/or fetch it's data from redis?
Ah I hit send early. I should have mentioned that we don't really offer technical support here. This discussions repo is more about the project discussing direction, feature work, and bugs fixes. You might want to ask on a place like StackOverflow or Reddit where more people are there to share opinions and help out.
Hi there,
I am trying to share sessions between an Express server and a PHP server using Redis. However, I am having difficulty sharing sessions due to cookie issues.
When Express creates a cookie for the session ID, it appends the string s: and an hmac to the session ID. On the other hand, PHP only stores the session ID in the cookie.
Is there a way to prevent Express from appending s: or hmac to the session ID in the session configuration? Why are s: and hmac necessary in the cookie?
Thank you for your time.
The text was updated successfully, but these errors were encountered: