Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

express-session loses session when app runs into error #17

Closed
akamensky opened this issue Mar 21, 2014 · 1 comment
Closed

express-session loses session when app runs into error #17

akamensky opened this issue Mar 21, 2014 · 1 comment

Comments

@akamensky
Copy link

I ran into this issue while writing app that utilizes express-session package with redis as session storage.

In short - if app experiences some error that doesn't necessarily affect related session information, the user is magically logged out with his session object being gone from redis. I am not sure whether this is issue of this package, or maybe redis-storage package, or even my code, so I created simple example app that demonstrates this issue. (https://github.com/akamensky/express-session-bug)

To reproduce this issue:

With the sequence above I would expect user to stay logged in at the end but it doesn't happen..

@joewagner
Copy link
Member

Unless specifically done in your application's code, session saving is done by proxy of req.end.
What is happening is that your call to Session#regenerate is destroying the session in redis. Then the error occurs before the newly generated session is initially saved –since req.end isn't called–. Two solutions might be:

  1. save the session immediately in the regenerate callback
  2. Don't regenerate the session on each request, particularly since this creates a race condition if a user makes two concurrent requests from the same client.

I don't think this is an express-session issue, feel free to reopen this if you disagree.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants