1.5.0 is not updating the session json file after authentication #94
Comments
@scottc385, could you provide example code to reproduce it?
I do not have time today to make a working example, but I will post the pertinent parts of my code: `const session = require('express-session');` Note: I also tried every combination of resave, saveUninitialized & rolling settings, but it did not help. passportConfig.js attached
Also, it was the LocalStrategy that was failing. The JsonStrategy was working. I also commented out the JsonStrategy and the problem still existed.
My app also has the session not updating problem with the 1.5.0 version. It turned out 1.4.0 does that sometimes too, but it is not that noticeable. Rolling express-session from 1.17.1 back to 1.9.0 or this package to 1.3 seems to fix my app's bug.
Same problem here! I've been working for hours trying to find out why my login page wasn't functioning. I switched to 1.4.0 and voila! The login is working again.
I think the problem comes from the write-file-atomic module. The

```js
app.post('/login', (req, res, next) => {
  const callback = (err, user, info) => {
    if (!user) return next(err)
    req.logIn(user, (err) => {
      if (err) return next(err)
      // Wait until the session has been persisted before redirecting
      req.session.save(() => {
        res.redirect('/')
      })
    })
  }
  passport.authenticate('local', callback)(req, res, next);
})
```

This will ensure that the session is saved before the webpage is reloaded.
@mcaralp thanks for the tip! This seems to amount to a frustrating race condition when network times are quick compared to file write times. Using OAuth strategies with redirects it gets hard to pinpoint. Manually forcing the session to save (as above) in the verify callback works, but it does make me wonder about session changes between other quick calls once logged in though. I guess in a perfect world it would be nice to have the option of in-memory sessions that are (lazily) file backed, although I guess that starts to get into Redis territory. :)
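The race described in the two comments above, as an added example that is not part of the thread or the project's code: a constructed in-memory model (`SlowFileStore` and the helper names are hypothetical) of a store whose write finishes after the client has already followed the redirect, next to the variant that redirects from the save callback. It assumes the redirect response reaches the client before the write completes.

```javascript
// Added illustration; SlowFileStore and the helper names are hypothetical.
// Models a file-backed store: data passed to set() is only readable by a
// later request once the (simulated) disk write has completed.
class SlowFileStore {
  constructor(writeDelayMs) {
    this.disk = new Map(); // stands in for the session JSON files
    this.writeDelayMs = writeDelayMs;
  }
  set(sid, session, cb) {
    const json = JSON.stringify(session);
    setTimeout(() => { this.disk.set(sid, json); cb(null); }, this.writeDelayMs);
  }
  get(sid) {
    return JSON.parse(this.disk.get(sid) || '{}');
  }
}

// Login request followed by the browser's request to the redirect target.
// saveFirst = false: the redirect goes out while the write is still pending.
// saveFirst = true: the redirect is sent from the save callback, mirroring
// req.session.save(() => res.redirect('/')) from the comment above.
function loginThenFollowRedirect(store, sid, saveFirst) {
  return new Promise((resolve) => {
    const session = { passport: { user: 'alice' } }; // constructed sample data
    const followRedirect = () => resolve(store.get(sid));
    if (saveFirst) {
      store.set(sid, session, followRedirect);
    } else {
      store.set(sid, session, () => {});
      setTimeout(followRedirect, 1); // network round trip beats the disk write
    }
  });
}

async function runDemo() {
  const racy = await loginThenFollowRedirect(new SlowFileStore(25), 'sid-racy', false);
  const safe = await loginThenFollowRedirect(new SlowFileStore(25), 'sid-safe', true);
  return { racy, safe };
}

runDemo().then(({ racy, safe }) => {
  console.log('redirect before write finished:', racy);
  console.log('redirect from save callback:   ', safe);
});
```

In the first case the follow-up request reads a session with no `passport` entry, so the user appears logged out even though authentication succeeded.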
I updated my working app from 1.4.0 to 1.5.0 and could no longer log in. Investigated the issue and found the session json file was not being updated with the 'user' object. Sequence:
Going back to 1.4.0 solves the issue.
Also, I noticed that if I delete the session file between steps 1 & 2, a new session file is created with the user object.
Also, also, just by chance I found that if the client POSTs two times very quickly (or while I am stepping through the debugger) the session file is updated correctly.