Losing Session Variable

[bloodyKnuckles]

Session variable goes missing. Cookie still valid. Session still valid. I'm using the file session storage. Looking at the session file, before and after missing, and the only thing different is the session variable is gone. I've copied the session file when the session variable is present and then restored the file after the session variable disappears and we're back up and running.

I can GET and POST any number of times, usually many times, sometimes only a few times, and the session variable remains, then the next round trip to the server and the session variable is gone immediately upon startSession.

I've noticed in the session file flash: { old: [], new: [] } is present with the session variable, but goes missing along with the session variable.

Looking at the server logs: on the last pass before it goes missing I can track the presence of the session variable all the way through the server processing, still there at the end of the procedure. Then on the next pass, immediately after startSession the session variable (and flash: { old: [], new: [] }) is gone.

Using this type of setup:

https://github.com/quorrajs/NodeSession/blob/master/examples/nodehttps.js

Setting the session variable, at login: req.session.put('usertoken', usercredentialsobj.usertoken).
Authenticating: if ( true === req.session.has('usertoken') ) {. Here is where I get directed to the login screen when the session variable is missing.
If token exists, then comparing token to database: db.usertokenvalid({usertoken:req.session.get('usertoken')}, function (err, usertokenobj) {.

[harishanchu]

From your issue I think session is cleared by the garbage collector.

Are you sure whether cookie is valid when you loose your session?

Default session lifetime for NodeSession is 5 minutes. ie, after this time cookie will get expire. Even though session will be present in the storage until the garbage collector hits the lottery.

By default the chances of removing expired sessions from storage is twice per 100 requests(garbage collector is designed like this for performance reasons). Please see the garbage collector method of the file session driver here for more insight on this.

[bloodyKnuckles]

(The problem might be solved [see below], but first...)

@harishanchu I appreciate the insight. Yes the cookie's a good place to start, but the cookie has not expired. I'm keeping close track of it on the browser, and I set NodeSession lifetime parameter to 7 days. I've been cross referencing the cookie node_session value to the session file name in the sessions directory, and the _token property value in the session file compared to the req.session.__attributes object, and all remain consistent.

However...

Digging in the code I noticed NodeSession takes over the res.end function:

https://github.com/quorrajs/NodeSession/blob/master/index.js#L82

So, I started wondering if this was an issue with Ecstatic. I'm using it to deliver static files. Last evening I tried taking Ecstatic out of the picture.

Here's my before code, in which sessionStart wraps around Ecstatic:

NodeSession.startSession(req, res, function () {
  if ( rm && 'POST' === req.method ) {
    body(req, res, function (err, pvars) {
      rmx = xtend(rmx, { params: xtend(rmx.params, pvars) })
      result = rm.fn(req, res, rmx)
    })
  }
  else if ( rm ) { result = rm.fn(req, res, rmx) }
  else { ecstatic(req, res) }
})

And my after code, where I exclude Ecstatic from the startSession callback:

if ( rm ) {
  NodeSession.startSession(req, res, function () {
    if ( 'POST' === req.method ) {
      body(req, res, function (err, pvars) {
        rmx = xtend(rmx, { params: xtend(rmx.params, pvars) })
        result = rm.fn(req, res, rmx)
      })
    }
    else { result = rm.fn(req, res, rmx) }
  })
}
else { ectstatic(req, res) }

I've been reloading, refreshing over and over yesterday and today and so far no problems. Whereas before I'd lose the session variable I set at least within, probably as you say, 100 requests, more often 10 or 20, or less.

---

And here's the server code (in a nutshell):

var https = require('https')
var fs = require('fs')
var path = require('path')
var xtend = require('xtend')
var url = require('url')
var body = require('body/any')
var ecstatic = require('ecstatic')(path.join(__dirname, 'public'))
var NodeSession = require('node-session')
var router = require('./lib/router.js') // using npm routes

var nodeSession = new NodeSession({
  secret: 'D?w5Sy4CJnO@Ae847l|)CgZ_W6cSIl4E',
  'lifetime': 7 * 60 * 60 * 1000,
  'secure': true,
  'encrypt': true
})

var secserver = https.createServer({
    key : fs.readFileSync('path/to/keys/agent2-key.pem'),
    cert: fs.readFileSync('path/to/keys/agent2-cert.pem')
  },
  function (req, res) {
    var rm = router.match(url.parse(req.url).pathname)
    if ( rm ) {
      NodeSession.startSession(req, res, function () {
        if ( 'POST' === req.method ) {
          body(req, res, function (err, pvars) {
            rmx = xtend(rmx, { params: xtend(rmx.params, pvars) })
            rm.fn(req, res, rmx)
            })
          }
          else { rm.fn(req, res, rmx) }
        })
      }
    else { ecstatic(req, res) }
  }
).listen(8000)

[bloodyKnuckles]

I've been testing for the presence of the session var periodically throughout the day and have not lost it yet. It looks like moving Ecstatic outside the startSession method solved the problem.

UPDATE: day two of testing, session variables remain. :)

UPDATE # 2: four days later, session variable (initiated 4 days ago) remains! Have not lost it yet.