Session persistence using connect-redis and redis-io

Question

Hi guys im trying to have my session persist using connect-redis but I haven't had any success yet.

libraries im using

import connectRedis from "connect-redis";

import Redis from "ioredis";

const app = express();
  const RedisStore = connectRedis(session);
  const redis = new Redis();
  app
    .use(morgan("dev"))
    .use(
      cors({
        origin: "http://localhost:3000",
        credentials: true,
      })
    )
    .use(bodyParser.urlencoded({ extended: false }))
    .use(bodyParser.json())
    .use(
      session({
        name: COOKIE_NAME,
        store: new RedisStore({
          client: redis,
          disableTouch: true,
          logErrors: true,
        }),
        secret: SESSION_SECRET,
        saveUninitialized: false,
        resave: false,
        cookie: {
          secure: false,
          maxAge: 1000 * 60 * 60 * 24,
          httpOnly: false,
          sameSite: "lax",
        },
      })
    );

My authentication works properly. However, the session is deleted on refresh.

Here is my 'response headers'

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:3000
Connection: keep-alive
Content-Length: 205
Content-Type: application/json; charset=utf-8
Date: Mon, 01 Mar 2021 22:08:09 GMT
ETag: W/"cd-dAeR9gw/rPjK0kUvyLV0BaIadT4"
Set-Cookie: qid=s%3ADozy85MX9RpXrf7FSGEoD-CdlN4LMY8a.0qK2D0Hjz%2B8wIRMaxeMUhKCRQwmRPQrULYSTVW5xo1g; Path=/; Expires=Tue, 02 Mar 2021 22:08:09 GMT; SameSite=Lax
Vary: Origin
X-Powered-By: Express

However the cookie is not being set.

Would love any advice

Here is the response header

EDIT: added response header response

In the browser open the dev tools -> go to the network tab -> click on the request that should set the cookie -> check if the "Set-Cookie" header shows under "response headers" — Leibale Eidelman, Mar 01 '21 at 15:55
@LeibaleEidelman Set-Cookie is showing in the 'response header'. But no cookie is shown when check cookies in the application tab. Any idea why my cookie is not being set? — Dewinpena, Mar 01 '21 at 22:06
And you don't see any warning sign on it? Can you share an image of the "Set-Cookie" header? — Leibale Eidelman, Mar 02 '21 at 12:51
@LeibaleEidelman I added the image which shows the header-response. — Dewinpena, Mar 02 '21 at 13:08
You'e mixing CORS + Lax, as described [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#lax), that's not gonna work. Try to follow [these steps](https://stackoverflow.com/questions/46288437/set-cookies-for-cross-origin-requests#46412839). — Leibale Eidelman, Mar 02 '21 at 13:34
I did as in the links but now the response is not including my cookie. — Dewinpena, Mar 02 '21 at 14:11
Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/229400/discussion-between-dewinpena-and-leibale-eidelman). — Dewinpena, Mar 02 '21 at 14:28

Session persistence using connect-redis and redis-io

0 Answers0