Kai021195

Reputation: 833

Can't set cookie in express-session using Node.js

I tried to see if my cookies are working, so here's my code:

    const express = require('express')
    const session = require('express-session')
    const connectRedis = require('connect-redis')
    const redis = require('redis')

    const app = express()
    const RedisStore = connectRedis(session)
    const redisClient = redis.createClient()
    app.use(
        session({
            //name: 'qid',
            store: new RedisStore({  // ttl: how long it should last
                client: redisClient,
                //disableTTL: true, // make sure the session lasts forever
                //disableTouch: true, // make sure it doesn't have to update its TTL each time
            }),
            cookie:{
                maxAge: 1000*60*60*24*365*10, // 10 years
                path: "/"
                //httpOnly:true, // front-end JavaScript can't access the cookie
                //sameSite:'none', // csrf
                //secure:false
                //secure: __prod__ // cookie only works over https
            },
            saveUninitialized:true, // automatically create an empty session by default
            secret: 'some secret', // env
            resave: false,
        })
    )
    app.listen(4000,()=>{
        console.log('server stared on localhost:4000')
    })
    app.get('/products', (req,res,next) => {
        console.log(req.session);
        if(!req.session.userId){
            req.session.userId = 1
        }else{
            req.session.userId = req.session.userId +1
        }
        console.log(req.session.userId) //test if work
        res.send("hello")
    })

So here's the thing: when I connect to localhost:4000/products, in the cookie session I can only see these [screenshot].

But when I print out the results in the VS Code console, I can see the number is growing like below, so I do have a session, it's just not showing in the browser. Can anyone tell me why that is?

    server stared on localhost:4000
    Session {
      cookie: {
        path: '/',
        _expires: 2031-08-18T12:59:30.827Z,
        originalMaxAge: 315360000000,
        httpOnly: true
      },
      userId: 10
    }
    11
    Session {
      cookie: {
        path: '/',
        _expires: 2031-08-18T13:00:37.257Z,
        originalMaxAge: 315360000000,
        httpOnly: true
      },
      userId: 11
    }
    12

Upvotes: 0

Views: 1885

Answers (1)

Kai021195

Reputation: 833

So I got a solution after a lot of tests. If you only set your cookie to same-site:"none" without the secure option, it would be like my situation, but if you want to turn on the secure option your endpoint has to be https, so I don't think this was the answer. You can change to lax or other options and it would act normally on your localhost.

Works on localhost

  • lax
  • (don't set same site)

But due to the security policy https://www.chromium.org/updates/same-site you can't pass a cookie to certain websites (in my case I want to test cookies in my GraphQL Apollo Studio) without setting same-site:"none" and secure, so I used mkcert to use https on my localhost https://web.dev/how-to-use-local-https/ and everything works.

Works

  • samesite : none
  • secure : true
  • https:yourendpoint

Upvotes: 1
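
The combinations listed in the answer above, traced through a simplified model of the server and the browser (added example, not part of the original answer and not express-session or browser source; `traceSessionCookie` and the `ctx` fields are hypothetical names). It assumes express-session's documented behaviour of not setting a `secure` cookie on a non-HTTPS request, and the SameSite rules from the Chromium page linked in the answer.

```javascript
// Added example: a simplified model, not express-session or browser source code.
// traceSessionCookie, the ctx field names and the sample calls are assumptions.

// Normalise express-session's cookie.sameSite values (true means "strict").
function normaliseSameSite(value) {
  if (value === true) return 'strict';
  if (!value) return 'lax'; // unset: Chromium treats the cookie as Lax by default
  return String(value).toLowerCase();
}

// cookie: the object passed as `cookie:` to session({...})
// ctx.https: the request reached the server over HTTPS
// ctx.crossSite: the page making the request is on another site (e.g. a hosted GraphQL IDE)
// ctx.topLevelGet: the request is a top-level GET navigation, not fetch/XHR
function traceSessionCookie(cookie, ctx) {
  const secure = cookie.secure === 'auto' ? ctx.https : Boolean(cookie.secure);
  const sameSite = normaliseSameSite(cookie.sameSite);

  // Server side: express-session does not emit a Secure cookie on a non-HTTPS request.
  if (secure && !ctx.https) {
    return { sent: false, stage: 'server', reason: 'secure cookie on plain HTTP' };
  }
  // Browser side: SameSite=None is only accepted together with Secure.
  if (sameSite === 'none' && !secure) {
    return { sent: false, stage: 'browser-store', reason: 'SameSite=None without Secure' };
  }
  // Browser side: decide whether the stored cookie is attached to this request.
  if (!ctx.crossSite || sameSite === 'none') {
    return { sent: true, stage: 'browser-send', reason: 'allowed' };
  }
  if (sameSite === 'lax' && ctx.topLevelGet) {
    return { sent: true, stage: 'browser-send', reason: 'Lax top-level navigation' };
  }
  return { sent: false, stage: 'browser-send', reason: `SameSite=${sameSite} blocks cross-site request` };
}

// Constructed scenarios matching the cases in the answer above.
const local = { https: false, crossSite: false, topLevelGet: true };
const studio = { https: true, crossSite: true, topLevelGet: false };
console.log(traceSessionCookie({ sameSite: 'none' }, local));
console.log(traceSessionCookie({ sameSite: 'lax' }, local));
console.log(traceSessionCookie({ sameSite: 'lax', secure: true }, studio));
console.log(traceSessionCookie({ sameSite: 'none', secure: true }, studio));
```

The `stage` field shows where the cookie is lost, which tells you whether to look at the response headers (server) or at the browser's cookie warnings in devtools.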
