Categories
express express-session javascript node.js

Express-session not persistent after redirect

Yesterday, I tried to make a website, using Node.js and the framework Express.js. On this website, the user needs to log, with credentials, who are checked in database. If the credentials are correct, I want to save the user’s informations in a session.

In this aim, I use the middleware Express-Session, but I have a problem. When the user types good credentials, its informations are correctly stored in the session. However, after redirecting the user to the homepage, the session is cleared, so the variable who stores the user’s informations is now undefined.

I tried many solutions, and I searched a lot, but I didn’t reached to fix this problem…

There is my code :
app.js :

const createError = require('http-errors');
const express = require('express');
const session = require('express-session');
const path = require('path');
const helmet = require('helmet');
const cookieParser = require('cookie-parser');
const logger = require('morgan');
const bodyParser = require('body-parser');
const indexRouter = require('./routes/index');
const usersRouter = require('./routes/users');
const admRouter = require('./routes/adm');
const urlencodedParser = bodyParser.urlencoded({extended : false});
const app = express();
// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
app.use(logger('dev'));
app.use(express.json());
app.use(urlencodedParser);
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));
app.use(session({secret: 'secret', resave: false, saveUninitialized: false, cookie: { maxAge : 60000, secure: false }}));
app.use('/', indexRouter);
app.use('/users', usersRouter);
app.use('/adm', admRouter);
// On utilise helmet pour sécuriser l'application.
app.use(helmet());
// catch 404 and forward to error handler
app.use(function(req, res, next) {
next(createError(404));
});
// error handler
app.use(function(err, req, res, next) {
// set locals, only providing error in development
res.locals.message = err.message;
res.locals.error = req.app.get('env') === 'development' ? err : {};
// render the error page
res.status(err.status || 500);
res.render('error');
});
module.exports = app;
app.listen(80);

And index.js :

const express = require('express');
const router = express.Router();
const bodyParser = require('body-parser');
const verif = require('../functions/verif');
const password = require('node-php-password');
const dbServer = require('../database');
// const credentials = require('../functions/dbCredentials');
// const dbServer = mysql.createConnection(credentials);
const urlencodedParser = bodyParser.urlencoded({extended : false});
/* GET home page. */
router.get('/', function(req, res, next) {
console.log(JSON.stringify(req.session.user));
res.render('index', {verif, req });
});
router.post('/login', urlencodedParser, (req, res, next) => {
if(req.body.username !== undefined && req.body.password !== undefined) {
if(req.body.username !== null && req.body.password !== null) {
dbServer.query('SELECT * FROM users WHERE username = ?', [req.body.username], function(error, result, fields) {
if (error) throw error;
// if(password.verify(req.body.password, result))
console.log("resultat : " + JSON.stringify(result));
if(result.length > 0) {
const utilisateur = result[0]; // On stocke la ligne concernant l'utilisateur dans une constante locale.
console.log("L'utilisateur existe.");
// On teste le résultat obtenu, pour savoir si son mot de passe est correct.
if(password.verify(req.body.password, utilisateur.password)) {
console.log("Mot de passe correct.");
req.session.user = utilisateur;
console.log(req.session.user);
} else {
// TODO : Session, pour afficher l'erreur.
console.log("Mot de passe incorrect.");
}
}
else {
console.log("L'utilisateur n'existe pas.")
// TODO : Session, pour afficher l'erreur.
}
});
}
}
res.redirect('/');
});
module.exports = router;

With this code, when the user logs in, the :

console.log(req.session.user);

displays correct informations, but the line :

console.log(JSON.stringify(req.session.user));

for the route ‘/’ displays “undefined”.

So, I’m a bit lost in this situations…
Do you have ideas to fix this problem ?
Thanks by advance =)