I am trying to access req.sessionID in express-session and connect-mongo so that I can access the session in my MongoStore. However, despite the cookie being the same in Chrome Dev Tools as well as within the sessions db, for some reason I cannot get the correct sessionID from the request object.
I have set up a console.log within that endpoint to see req.sessionID, and every time I refresh the page to request from that endpoint, I get a different sessionID.
Here are all the parts of my code that I think might be relevant:
// Part of backend server setup
app.use(cors(
{
origin: true,
credentials: true,
preflightContinue: true,
methods: ["GET", "PATCH", "POST", "DELETE"],
allowedHeaders: ["Access-Control-Allow-Headers"],
optionsSuccessStatus: 200,
}
));
app.use((req, res, next) => {
res.setHeader("Access-Control-Allow-Origin", "https://localhost:3000");
res.setHeader("Access-Control-Allow-Credentials", true);
res.header("Access-Control-Allow-Origin", "https://localhost:3000");
res.header("Access-Control-Allow-Credentials", true);
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header(
"Access-Control-Allow-Headers",
"Origin, X-Requested-With, Content-Type, Accept, Cookie, Credentials"
);
next();
});
app.use(Session({
name: 'auth-cookie',
secret: process.env.SESSION_SECRET,
resave: false,
saveUninitialized: false,
store: MongoStore.create({
mongoUrl: process.env.MONGODB_URI,
dbName: dbName,
collectionName: collectionName,
clientPromise: clientP,
autoRemove: 'native',
autoRemoveInterval: 15,
ttl: 14 * 24 * 60 * 60,
serialize: function (obj) {
return new Object(obj);
},
}),
cookie: {
sameSite: 'none',
secure: true,
httpOnly: true,
maxAge: 14 * 24 * 60 * 60,
},
}));
// Part of frontend server setup
app.prepare().then(() => {
https.createServer(options, async (req, res) => {
res.setHeader("Access-Control-Allow-Origin", "https://localhost:8080");
res.setHeader("Access-Control-Allow-Credentials", true);
res.setHeader('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.setHeader(
"Access-Control-Allow-Headers",
"Origin, X-Requested-With, Content-Type, Accept, Cookie, Credentials"
);
let urlStr;
if (req.url.includes('localhost')) {
urlStr = '';
} else {
urlStr = req.url;
}
const parsedUrl = new URL(urlStr, "https://localhost");
await handle(req, res);
}).listen(port, (error) => {
if (error) throw error;
console.log(`> Ready on https://${hostname}:${port}`)
})
})
// Frontend request to backend
async function getUser() {
const res = await fetch("https://localhost:8080/user", {
credentials: "include",
headers: {"credentials": "include"},
method: 'GET',
})
.then(res => res.json())
}
I've looked at several other similar posts, and still can't find a solution. If anyone knows what might be missing, please let me know as well.
Thank you.
Edit: The frontend node HTTPS server seems to have access to sessionID. Any way to get it over to the backend HTTPS server?
Edit_2: I've made another observation, that the cookie is actually available on both frontend and backend servers, and that fetching a user isn't a problem at all. for some reason the data just isn't being sent over properly. It keeps giving me a status 400 code on the frontend server, even though I can see the found user on the backend server.
Edit_3: I noticed that when I request the user directly from the backend server, I get data back without any issues. However, when I request the user from the frontend using fetch, I get null back. Does anyone know what might be causing this?
Here is what I have for the get request for sending the user data over to frontend:
...
const user = await User.findOne({ _id: new ObjectId(req.session['userId']) })
if (user === null) {
return res.status(400).send({ message: "Authentication Failed" });
}
return res.status(201).json(user);
});