Why connect-mongo creates new session for every request? #57

Closed
msmirnov opened this Issue Mar 8, 2013 · 10 comments

7 participants

@msmirnov

I have two nodejs servers (web-server, socket-server), that are connected to each other by socket.io. On web-service I use express.js and passport.js as authentication middleware.

This is my web-server config:

var express = require('express'),
    mongo = require('mongodb'),
    io = require('socket.io'),
    passport = require('passport'),
    LocalStrategy = require('passport-local').Strategy,
    MongoStore = require('connect-mongo')(express);
app.configure(function () {
    app.use(express.cookieParser());
    app.use(express.methodOverride());
    app.use(express.bodyParser());
    app.use(express.session({
        secret: 'keyboard cat',
        store: new MongoStore({
          db: 'MyDatabase'
        })
    }));
    app.use(passport.initialize());
    app.use(passport.session());
    app.use(app.router);
    app.use(express.static(__dirname + '/htdocs'));
});

When I use connect-mongo, it creates a new session for each http-request:
(0 element creates with log in request, other elements are created, when I press F5).
mongovue

When web-server takes socket connection, connect-mongo creates new session. There are about 50 new documents per minute.

What could be the reason?

In the case of updating the page, helped tip to add app.use(express.favicon()).

With sockets question is still actual.

My socket-server code

function sendPortalJSON (portal_id, data, _event) {
    https.get({
        host : ...,
        port : ...,
        path : "/" + _event + "?data=" + encodeURIComponent( JSON.stringify (data))
    }).on('error', function (err) {

    });
}
...
sendPortalJSON(1, agent_data[i].d, "cpu-details");

And on web-server:

app.get('/cpu-details', function (req, res) {});
@kcbanner
Owner

Check the system clock of both your server and client, make sure they are the same. The client could be immediately expiring its cookies if it has a wrong time.

@QETHAN
app.use express.methodOverride()
app.use express.cookieParser()
app.use express.session
  secret:'pansafe_authserver@pansafe'
  store: new MongoStore
     db: 'pansafe_authserver'
  cookie: {
            maxAge: 24 * 360000 # 24 hours
        }

i got the same question. here i have a client with 127.0.0.1:3000, and a server with 127.0.0.1:8000, when second request, the session will be a new one without user info. i'm very confused!!! help me. TX

@QETHAN
app.use express.cookieParser()
  app.use express.session
    secret:'pansafe_authserver111@pansafe'
    store: new MongoStore
       db: 'pansafe_authserver111'
    cookie: {
            maxAge: 24 * 360000 # 24 hours
        }

the client one, the above is server conf

@kcbanner
Owner
@QETHAN

client and server in the same mac, how the system time wil be not same. how to check system time. TX

@QETHAN

work out. caused by the same ip '127.0.0.1' for both

@QETHAN

the truth is cookie kept by chrome. the key is localhost for cookie when you have 2 web server with the same ip localhost. so i add a key param for express.session : key:'xxxxx', same cookie but different session every request. it works perfect!

@eranimo

Please explain what you did. I am having the same issue.

@marshallswain

Check out the Express API docs here: http://expressjs.com/api.html#cookieSession

The default cookie name is connect.sess. If you don't pass a custom key value to cookieSession(), it will use that name. Do that on two servers and they will overwrite each others' cookies. Very frustrating if you can't figure out what's happening!

example:
app.use(express.cookieSession({key:"MyFancyKeyName"}));

@nukulb nukulb added a commit to hubba/connect-mongo that referenced this issue May 2, 2014
@nukulb nukulb Workaround for storing every ping.
connect-mongo stores every ping as a session. This obviously bleeds and makes
the session store massive with time. Obviously we can write a service to clean
it up but we have chosen to work around it using this hack

Once this issue is fixed we can remove it
kcbanner#57
46b06cd
@jdesboeufs jdesboeufs added the session label Dec 17, 2014
@jdesboeufs jdesboeufs closed this Dec 22, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment