Need to access session object for the session to save or set cookies?

[NickWoodward]

Hi,

Not sure if this is a weird issue or not, but my app suddenly stopped saving sessions and setting cookies.

This was my express log for the route I was hitting:

express:router dispatching POST /auth/login +18s
express:router query  : /auth/login +0ms
express:router expressInit  : /auth/login +1ms
express:router session  : /auth/login +0ms
express-session no SID sent, generating session +1ms
express:router <anonymous>  : /auth/login +1ms
express:router jsonParser  : /auth/login +0ms
express:router urlencodedParser  : /auth/login +1ms
express:router trim prefix (/auth) from url /auth/login +0ms
express:router router /auth : /auth/login +1ms
express:router dispatching POST /login +0ms

Accessing the session object immediately after setting it up

   app.use((req, res, next) => {
    	req.session.init = "init";
    	next();
    });

Fixes the issue, and sessions start saving again and cookies are set. I was just wondering why that might be? Here's the new log with the above code:

    express:router dispatching POST /auth/login +58ms
    express:router query  : /auth/login +1ms
    express:router expressInit  : /auth/login +2ms
    express:router session  : /auth/login +1ms
    express-session no SID sent, generating session +5ms
    express:router <anonymous>  : /auth/login +4ms
    express:router <anonymous>  : /auth/login +0ms
    express:router jsonParser  : /auth/login +3ms
    express:router urlencodedParser  : /auth/login +3ms
    express:router trim prefix (/auth) from url /auth/login +1ms
    express:router router /auth : /auth/login +1ms
    express:router dispatching POST /login +0ms
  
    express-session saving 3FOu73E3BHGVl0Rw-KtrCOjjqcDZlxRY +31ms
    express-session set-cookie session-cookie=s%3A3FOu73E3BHGVl0Rw-KtrCOjjqcDZlxRY.ucs49AVEgJFmJ1b5CeDuICqIihbDeNa294ImU4XC2lg; Path=/; Expires=Mon, 23 Jan 2023 11:29:39 GMT; HttpOnly; SameSite=Strict +9ms
    express-session split response +8ms

Here's my app.js file. Commenting out the above lines causes the code to break.

  const options = {
  	host: process.env.DB_HOST,
  	port: process.env.DB_PORT,
  	user: process.env.DB_USER,
  	password: process.env.DB_PASSWORD,
  	database: process.env.DB_DATABASE
  };
  
  const sessionStore = new MySQLStore(options);
  
  app.use(session({
  	name: process.env.SESSION_NAME,
  	secret: process.env.SESSION_SECRETS,
  	store: sessionStore,
  	resave: false,
  	saveUninitialized: false,
    cookie: {
      secure: false,
      httpOnly: true,
      sameSite: 'strict',
      maxAge:600000
    }
  }));

  // *This code makes Express-Session work*
  app.use((req, res, next) => {
  	req.session.init = "init";
  	next();
  });

Any ideas why that might be? Am I making a mistake when setting up Express-Sessions?

Thanks

[dougwilson]

To answer your top question, you have both resave and saveUninitialized set to false, so yes you would need to alter your session for the cookie to set, as that is how you configured your session module.

[NickWoodward]

To answer your top question, you have both resave and saveUninitialized set to false, so yes you would need to alter your session for the cookie to set, as that is how you configured your session module.

Ah ok, I hadn't realised that applied to new sessions. That makes sense, thanks!