expressjs / cookie-session

Simple cookie-based session middleware

req.session is null but cookies are not destroyed

ste9206 opened this issue

I use cookie-session in my Express server that uses Parse Server. Then I have a React webapp that does GET/POST requests to the server. This is how I set it up:

app.use(cookieSession({
  name: 'parse-session',
  secret: "SECRET_SIGNING_KEY",
  maxAge: 15724800000
}));

and this is how I save user information at login:

req.session.user = user;    
req.session.token = user.getSessionToken(); 

it works well because when I call rest api:

request({
  uri: 'http://myapi.com/parse/users/me',
  headers: {
    'X-Parse-Application-Id': 'my-app-id',
    'X-Parse-Session-Token': req.session.token
  },
  json: true
}).then((userData) => {
  console.log(userData);
}).catch((error) => {
  console.log(`User do not exist: ${error}`);
});

it gives me userData; the problem is at logout because I do this:

if (req.session) {
  req.session = null;
}

it sets the session to null, but if I try to do a request as above, using it in React to call the Express server:

fetch('/user', { credentials: 'include' })
  .then((response) => {
    return response.json();
  })
  .then((body) => {
    if (body.user) {
      console.log('vv', body.user);
      this.setState({ logIn: true });
    } else {
      console.log('vv', body);
    }
  }).catch((error) => {
    console.log('My error:', error);
  });

req.session.token continues to exist. Is there a way to delete the cookie when I set req.session = null? Because the only way to delete the session token is when I delete the history in the browser.

Just the req.session = null; is indeed how you delete the cookie. Weird that it's not happening. Can you provide all the following so I can reproduce the issue and debug through it?

  1. Version of Node.js
  2. Version of this module and all other modules used
  3. Complete server code I can copy and paste and run
  4. Complete client code I can copy and paste and run
  5. Instructions for how to reproduce (open browser to ... click on ... etc.).

Thanks!

Ok, I've prepared all. Should I post here all files?

Hi @ste9206 if there are a lot of files, a link to a git repo is usually the best, because a git clone can replace a lot of instructions saying where to place files and what to name them 👍

  1. node version: 9.5.0
  2. I've used this tutorial: https://esausilva.com/2017/11/14/how-to-use-create-react-app-with-a-node-express-backend-api/
  3. here there is the project: https://github.com/ste9206/react-express

tell me if there's something wrong

Thanks @ste9206 I'll check it out. Can you include the instructions for how to reproduce (open browser to ... click on ... etc.).

Yes, first in terminal use "yarn dev", this will setup both server and client, then in the '/' path you can find forms about login/logout

So I cloned the repo and I've been trying to run yarn dev and I keep getting errors from various things not being installed. Can you provide a list of everything that needs to be installed so I can just run the command?

So far I installed yarn, then nodemon, and now waiting for react-scripts to install.

So after that, it seems like yarn dev worked and opened a webpage in my browser, but it is an error page:

image

Any ideas how to resolve?

Have you installed axios in the client package.json ?

I've also created a user to login: admin@helpapp.io , password: 123456

Hi @ste9206 I'm not sure I understand how to do that. I ran npm install but same issue. Can you help provide the specific thing I need to do to accomplish "installed axios in the client package.json" ?

Closing due to no response. I tried many times since and haven't gotten it to work without giving various errors.

Add res.end(); after req.session = null;

@aliencorp can you try this reproduction? #104

For those using Apollo Server + Express, I tricked the browser by sending an empty session back to it. ^^

This is my logout mutation resolver:

logout: async (_, __, req) => { // I pass req as the resolvers context
      if (!req.session.user) {
        throw new Error('User already logged out!')
      }

      //Destroying the session as so `req.session = null` doesn't trigger the Setter for 'session'
      req.session.user = null
      req.session.token = null

      return true
    },

BTW, checking the code in node_module I see it's different from GitHub latest version. Why isn't npm pulling the latest version of this package?
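
Added example, not part of the thread or of cookie-session's own code: a check that reads the `Set-Cookie` headers of a logout response and reports which session cookies it fails to expire, so a cleared cookie can be told apart from a re-issued session with nulled fields or a response with no `Set-Cookie` at all. The cookie name follows the `name: 'parse-session'` option in the issue; the `.sig` companion name, the header strings and the fixed clock value are constructed assumptions.

```javascript
// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// A browser discards a cookie when Max-Age <= 0 or Expires is in the past.
// A well-formed Max-Age takes precedence over Expires.
function isExpiring(cookie, now) {
  const maxAge = cookie.attrs['max-age'];
  if (typeof maxAge === 'string' && /^-?\d+$/.test(maxAge)) return Number(maxAge) <= 0;
  if (typeof cookie.attrs.expires === 'string') {
    const t = Date.parse(cookie.attrs.expires);
    return !Number.isNaN(t) && t <= now;
  }
  return false; // no expiry attribute: the cookie stays live
}

// Return the names in `expected` that this response does NOT clear.
function cookiesNotCleared(setCookieHeaders, expected, now = Date.now()) {
  const cleared = new Set(
    setCookieHeaders.map((h) => parseSetCookie(h)).filter((c) => isExpiring(c, now)).map((c) => c.name)
  );
  return expected.filter((name) => !cleared.has(name));
}

// Assumed names: the session cookie from the issue plus its signature cookie.
const NAMES = ['parse-session', 'parse-session.sig'];
const NOW = Date.parse('2024-01-01T00:00:00Z'); // constructed clock value

// Constructed sample: a logout response that expires both cookies.
const clearedLogout = [
  'parse-session=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; httponly',
  'parse-session.sig=SIG_PLACEHOLDER; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; httponly',
];
// Constructed sample: session re-issued with its fields nulled ({"user":null}).
const nulledLogout = [
  'parse-session=eyJ1c2VyIjpudWxsfQ==; path=/; expires=Wed, 01 Jan 2031 00:00:00 GMT; httponly',
  'parse-session.sig=SIG_PLACEHOLDER; path=/; expires=Wed, 01 Jan 2031 00:00:00 GMT; httponly',
];

console.log(cookiesNotCleared(clearedLogout, NAMES, NOW)); // both cookies cleared
console.log(cookiesNotCleared(nulledLogout, NAMES, NOW));  // both cookies still live
console.log(cookiesNotCleared([], NAMES, NOW));            // no Set-Cookie sent
```

An empty result means the browser will drop every listed cookie. Any name returned is still stored client-side and will be sent on the next request.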