I'm using express-session to set a session cookie with a redis session store. When the user logs in I can successfully set a cookie logging them in as shown by clicking the "lock" icon next to the page url in chrome and viewing the cookie. However, when the page is refreshed my user is logged out as the cookie is gone.
How can I prevent loss of that cookie on page refresh?
My session options minus my routes look like this and I run my client on https.
let sessionOptions = {
secret: "REDACTED_FROM_STACKOVERFLOW",
resave: true,
name: "redisSession",
expires: new Date(Date.now() + (60 * 1000 * 60 * 100000)),
store: new RedisStore({client: redisClient}),
cookie: {
sameSite: 'none',
secure: true,
httpOnly: true,
maxAge: 1000 * 60 * 1000
},
rolling: true,
saveUninitialized: true
};
app.use(cors({credentials: true, origin: 'https://localhost:8080'}));
const httpsOptions = {
key: fs.readFileSync(process.env.localHostCertKeyPath),
cert: fs.readFileSync(process.env.localHostPemPath)
}
app.use(cookieParser("REDACTED_FROM_STACKOVERFLOW"));
const httpsOptions = {
key: fs.readFileSync(process.env.localHostCertKeyPath),
cert: fs.readFileSync(process.env.localHostPemPath)
}
const server = https.createServer(httpsOptions, app).listen(
constants.LOCAL_PORT,
constants.HOST_NAME,
() => {
console.log("https://" + constants.HOST_NAME + ':' + constants.LOCAL_PORT + '/');
}
);
- Redis's logs show no errors.
- The cookie is set. its just being deleted afterwards. My login and logout routes work.
- The expiration time of my cookies as seen in chrome is well after I refresh the page.
- The req.session object and set variables are accessable using the cookie if the page is not refreshed
- I'm using
express
,express-session
,redis
andconnect-redis
libraries. - Front end is on react.
Edit:
Full Text:
redisSession=s:YGOMoRx_wWiIiqiYOYaIfcbbKfBujg7w.92wwY6TupTwVjRs4FLbWLxxSi6bm5XW7fDwNfXInW4Q; Path=/; Expires=Sun, 07 Mar 2021 16:18:28 GMT; HttpOnly; Secure; SameSite=None