Dereje1 When the user is not logged in it shows
Get request to index: Session {
cookie:
{ path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true } }
Get request to home: Session {
cookie:
{ path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true } }
s_coder No, it didn’t help
Hmmm … your session is not persisting, as you get the exact same results. In index.js you are attaching the username to the session for only a new user; for existing users you are not attaching a username to the session, correct?
Either way this is very hard to troubleshoot from my phone. Like I said, I’ll give it a shot when I get back next week, but hopefully you’d have it resolved by then.
1 Like
Hi Olga! Sorry to see you’re still having problems with this issue.
One thing I noticed was this:
app.use(session({
  secret: 'keyboard cat',
  resave:true,
  resave: false,
  saveUninitialized: true,
  store: new MongoStore({
    url: 'mongodb://localhost/dictionary'
  })
}));
You have resave listed twice as both ‘true’ and ‘false’.
Actually, I’d recommend setting resave and saveUninitialized to ‘false’ since those are the recommended settings per the documentation.
Ok, I think I figured it out.
In your /public/scripts/login.js file, you have:
initObjLog = {
  method: "POST",
  headers: headerObjLog,
  body: JSON.stringify(bodyObjLog)
};
Add the credentials and set it to ‘include’ like this:
initObj = {
  method: "POST",
  headers: headerObj,
  body: JSON.stringify(bodyObj),
  credentials: 'include',
};
If you don’t include it, Fetch won’t receive the cookie created from the login route. See the documentation https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch.
2 Likes
No. Sessions are not the best for SPAs because you are already in the same page. Sessions are more likely used when you are navigating between pages.
The reason for that is that when you change from one page to another in a non-SPA and want to go back, you are making a new HTTP request. Every HTTP request is unique. Therefore, when navigating from one page to the other pages in a raw HTTP request format, that previous page has lost uniqueness: you will have to load it again, and all the previous data is lost. Without sessions, HTTP won’t recognize the previously visited page as existing because it lost contact with that unique request.
Sessions will remind your future back requests that the page is still active.
In an SPA, though, you are always in the same page but having a different view modified by your front-end code. You are always in the same session, making session tokens a bit useless.
1 Like
@wwSchrader saveUninitialized can be set as true in development. But you are right, it should be set as false in production.
I think you could use the same session token. Are you using Passport or any similar authentication framework?
Hello everybody! Thank you for your replies.
I fixed it using credentials: 'include'. I used it before but that didn’t work, I don’t know why; maybe I had another mistake that affected the behavior. I changed my code a lot of times and I don’t know what mistake was there.
I planned to use Passport and Express Session. Also I planned to use tokens later. But my code with Passport and Sessions didn’t work, that’s why I removed it and tried to use Sessions but it didn’t work.
I tried credentials: 'same-origin', it works too.
Glad you found a solution @OStefani
1 Like
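The behaviour discussed in this thread, as an added simulation that is not code from any of the posters: a toy session server plus the Fetch credentials-mode rule, showing why the session reaching /home has no username when cookies are omitted and why both 'include' and 'same-origin' fix it for a same-origin page. The class names, origins and the username are constructed for the example, and SameSite and CORS checks are left out.

```javascript
// Simulation only: names (SessionServer, Browser) and origins are hypothetical.
class SessionServer {
  constructor() { this.sessions = new Map(); this.nextId = 1; }
  // Returns { session, setCookie } the way a session middleware would.
  handle(path, cookie, body) {
    let sid = cookie && this.sessions.has(cookie) ? cookie : null;
    let setCookie = null;
    if (!sid) {                       // no valid cookie: start a fresh, empty session
      sid = `sid-${this.nextId++}`;   // predictable demo id; real stores use random ids
      this.sessions.set(sid, {});
      setCookie = sid;
    }
    const session = this.sessions.get(sid);
    if (path === '/login') session.username = body.username;
    return { session: { ...session }, setCookie };
  }
}

class Browser {
  constructor(pageOrigin, server, serverOrigin) {
    this.pageOrigin = pageOrigin; this.server = server;
    this.serverOrigin = serverOrigin; this.jar = new Map(); // origin -> cookie
  }
  // Fetch rule: 'omit' never uses cookies, 'same-origin' only for the page's
  // own origin, 'include' always (SameSite and CORS are ignored here).
  usesCookies(credentials) {
    if (credentials === 'include') return true;
    return credentials === 'same-origin' && this.serverOrigin === this.pageOrigin;
  }
  fetch(path, { credentials, body = {} }) {
    const allowed = this.usesCookies(credentials);
    const cookie = allowed ? this.jar.get(this.serverOrigin) : undefined;
    const res = this.server.handle(path, cookie, body);
    // A Set-Cookie on the response is stored only when credentials are allowed.
    if (allowed && res.setCookie) this.jar.set(this.serverOrigin, res.setCookie);
    return res.session;
  }
}

// Log in, then load /home, and return the session that /home sees.
function loginThenHome(credentials, pageOrigin, serverOrigin) {
  const browser = new Browser(pageOrigin, new SessionServer(), serverOrigin);
  browser.fetch('/login', { credentials, body: { username: 'olga' } }); // constructed user
  return browser.fetch('/home', { credentials });
}

const app = 'http://localhost:3000';
console.log(loginThenHome('omit', app, app));        // empty session, as in the logs
console.log(loginThenHome('same-origin', app, app)); // session keeps the username
```

When the page and the API are served from different origins, only 'include' carries the cookie in this model; a real browser additionally requires the server's CORS response to allow credentials.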