Why connect-mongo creates new session for every request?

[msmirnov]

I have two nodejs servers (web-server, socket-server), that are connected to each other by socket.io. On web-service I use express.js and passport.js as authentication middleware.

This is my web-server config:

var express = require('express'),
    mongo = require('mongodb'),
    io = require('socket.io'),
    passport = require('passport'),
    LocalStrategy = require('passport-local').Strategy,
    MongoStore = require('connect-mongo')(express);

app.configure(function () {
    app.use(express.cookieParser());
    app.use(express.methodOverride());
    app.use(express.bodyParser());
    app.use(express.session({
        secret: 'keyboard cat',
        store: new MongoStore({
          db: 'MyDatabase'
        })
    }));
    app.use(passport.initialize());
    app.use(passport.session());
    app.use(app.router);
    app.use(express.static(__dirname + '/htdocs'));
});

When I use connect-mongo, it creates a new session for each http-request:
(0 element creates with log in request, other elements are created, when I press F5).

When web-server takes socket connection, connect-mongo creates new session. There are about 50 new documents per minute.

What could be the reason?

In the case of updating the page, helped tip to add app.use(express.favicon()).

With sockets question is still actual.

My socket-server code

function sendPortalJSON (portal_id, data, _event) {
    https.get({
        host : ...,
        port : ...,
        path : "/" + _event + "?data=" + encodeURIComponent( JSON.stringify (data))
    }).on('error', function (err) {

    });
}
...
sendPortalJSON(1, agent_data[i].d, "cpu-details");

And on web-server:

app.get('/cpu-details', function (req, res) {});

[kcbanner]

Check the system clock of both your server and client, make sure they are the same. The client could be immediately expiring its cookies if it has a wrong time.

[QETHAN]

app.use express.methodOverride()
app.use express.cookieParser()
app.use express.session
  secret:'pansafe_authserver@pansafe'
  store: new MongoStore
     db: 'pansafe_authserver'
  cookie: {
            maxAge: 24 * 360000 # 24 hours
        }

i got the same question. here i have a client with 127.0.0.1:3000, and a server with 127.0.0.1:8000, when second request, the session will be a new one without user info. i'm very confused!!! help me. TX

[QETHAN]

app.use express.cookieParser()
  app.use express.session
    secret:'pansafe_authserver111@pansafe'
    store: new MongoStore
       db: 'pansafe_authserver111'
    cookie: {
            maxAge: 24 * 360000 # 24 hours
        }

the client one, the above is server conf

[kcbanner]

Check your system time on your server and client. If they are too far apart
cookies will be instantly expiring.
On Apr 14, 2013 10:40 AM, "Ethan" [email protected] wrote:

app.use express.methodOverride()
app.use express.cookieParser()
app.use express.session
secret:'pansafe_authserver@pansafe'
store: new MongoStore
db: 'pansafe_authserver'
cookie: {
maxAge: 24 * 360000 # 24 hours
}

i got the same question. here i have a client with 127.0.0.1:3000, and a
server with 127.0.0.1:8000, when second request, the session will be a
new one without user info. i'm very confused!!! help me. TX

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/57#issuecomment-16352047
.

[QETHAN]

client and server in the same mac, how the system time wil be not same. how to check system time. TX

[QETHAN]

work out. caused by the same ip '127.0.0.1' for both

[QETHAN]

the truth is cookie kept by chrome. the key is localhost for cookie when you have 2 web server with the same ip localhost. so i add a key param for express.session : key:'xxxxx', same cookie but different session every request. it works perfect!

[eranimo]

Please explain what you did. I am having the same issue.

[marshallswain]

Check out the Express API docs here: http://expressjs.com/api.html#cookieSession

The default cookie name is connect.sess. If you don't pass a custom key value to cookieSession(), it will use that name. Do that on two servers and they will overwrite each others' cookies. Very frustrating if you can't figure out what's happening!

_example:_
app.use(express.cookieSession({key:"MyFancyKeyName"}));

[Unitech]

YaY (dirty) solution found!

https://github.com/wesleytodd/express-session-passport-cleanup

jaredhanson/passport#279 (comment)