Reputation: 1530
I use the express-session module with a Redis connection and an nginx proxy. If I use it with secure: false, the sid cookie is set. But if I set it to secure, it is not. I set another cookie directly with Express and secure: true, and it works.
Express-Session config in Express:
    // proxy configuration
    app.set('trust proxy', 1); // trust first proxy (nginx proxy)
    // session
    app.use(session({
      secret: 'to-secret-to-show',
      resave: false,
      saveUninitialized: true,
      rolling: true,
      cookie: {
        httpOnly: true,
        sameSite: 'strict',
        secure: secure // true or false depending on the environment
      },
      store: new RedisSessionStore({
        client: redis,
        ttl: 86400, // time to live, one day
      }),
    }));
Whether secure is set to true or false depends on the environment. I tried to set it directly to true, but it does not make a change.
nginx proxy settings:
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    #proxy_set_header X-Forwarded-Host $http_host;
    proxy_pass http://nodejs;
    proxy_redirect off;
When I look at the documentation, it should be correct. Did I forget something? I cannot do heavy testing, because I have only my live system with secure connections.
Upvotes: 2
Views: 925
Reputation: 203231
Try adding an X-Forwarded-Proto header:
    proxy_set_header X-Forwarded-Proto $scheme;
This is how express-session determines if the connection to nginx was secure.
Upvotes: 4
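The check described in the answer, as an added example that is not part of the original posts and is not Express or express-session source code: a simplified model of how a request behind a TLS-terminating proxy is judged secure, and why a cookie with secure: true is skipped when X-Forwarded-Proto is missing. The function names, option names and sample requests are constructed for illustration.

```javascript
// Simplified model (an assumption, not library source) of the decision made
// for a session cookie configured with secure: true behind a reverse proxy.

// Models Express's req.secure: true for a direct TLS socket, otherwise the
// first X-Forwarded-Proto value, and only when the proxy is trusted.
function requestIsSecure(req, trustProxy) {
  if (req.socketEncrypted) return true;
  if (!trustProxy) return false; // forwarded headers are ignored
  const header = req.headers['x-forwarded-proto'] || '';
  return header.split(',')[0].trim() === 'https';
}

// A secure cookie is skipped on requests that are not considered secure.
function sessionCookieIsSet(req, opts) {
  return !opts.cookieSecure || requestIsSecure(req, opts.trustProxy);
}

// Constructed request as Node sees it: nginx terminates TLS and forwards
// plain HTTP, so the socket itself is never encrypted. Header names are
// lowercased the way Node's http module presents them.
function proxiedRequest(extraHeaders) {
  return {
    socketEncrypted: false,
    headers: Object.assign({
      'x-real-ip': '203.0.113.7',        // constructed sample values
      'x-forwarded-for': '203.0.113.7',
      'host': 'example.test',
      'x-nginx-proxy': 'true',
    }, extraHeaders),
  };
}

const questionConfig = proxiedRequest({});                           // headers from the question
const answerConfig = proxiedRequest({ 'x-forwarded-proto': 'https' }); // with the answer's header
const trusted = { cookieSecure: true, trustProxy: true };

console.log(sessionCookieIsSet(questionConfig, trusted)); // false: no proto header
console.log(sessionCookieIsSet(answerConfig, trusted));   // true
console.log(sessionCookieIsSet(answerConfig, { cookieSecure: true, trustProxy: false })); // false
console.log(sessionCookieIsSet(questionConfig, { cookieSecure: false, trustProxy: true })); // true
```

Setting the header in nginx with proxy_set_header replaces any X-Forwarded-Proto value sent by the client, which is why the value is only honoured when the forwarding hop is trusted.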