session: Can't set manual sessionID

Similar to #148, I’m can’t seem to set a manual sessionID. Setting it in signedCookies like seems to be the solution doesn’t seem to work:

app
  .use(function(req, res, next) {
    if(req.query.sessionID) {
      req.signedCookies["connect.sid"] = req.query.sessionID;
    }
    next();
  })
  .use(session({
    httpOnly: false,
    secret: 'secret',
    resave: false,
    saveUninitialized: true
  })
  .get('/session', function(req, res) {
    console.log('sessionID:', req.sessionID);
    req.session.tmp = req.session.tmp + 1 || 0;
    req.session.save();
    res.send('session: ' + req.session.tmp);
  })

When I hit http://localhost:3000/session?sessionID=42 a couple of times, the counter goes up. When I hit that exact same url in a different browser I expect it to pick up the count from the session, but it does not.

An observation: The log for req.sessionID is not what I gave to the query string, so I guess it’s initialising its own sessionID instead.

I’ve also tried a custom genid like so:

  .use(session({
    httpOnly: false,
    secret: 'secret42',
    resave: false,
    saveUninitialized: true,
    genid: function(req) {
     return req.query.sessionID || uuid.v1();
   }
  })

This seemed like a cleaner solution anyway, but it also doesn’t work for me. It sets the sessionID correctly for the first hit, but it won’t update it for requests with a different sessionID.

Any help on this would be great!

About this issue

  • Original URL
  • State: open
  • Created 9 years ago
  • Reactions: 4
  • Comments: 17 (7 by maintainers)

Most upvoted comments

Middleware configuration:

const uid = require("uid-safe").sync;

var middleware = session({
  genid: function(req) {
    if ( (req.session) && (req.session.uid) ) {
      return req.session.uid + "_" + uid(24);
    } else {
      return uid(24);
    }
  }
  secret: config.cookieSecret,
  store: sessionStore,
  resave: false,
  saveUninitialized: false
})

On successfull authentification:

req.session.uid = data.id;
req.session.regenerate(function (err) {
  if (err) throw err;
  req.session.uid = data.id;
  // ...
});
+4
em92 on Jun 4, 2018

really need to set the manual sessionID

+2
mgttt on Apr 12, 2018

Simply remove cookie/headers by creating a middleware for route, and run before session middleware -> this help express-session alway run to genid function

function makeid(length) {
  var result           = '';
  var characters       = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
  var charactersLength = characters.length;
  for ( var i = 0; i < length; i++ ) {
    result += characters.charAt(Math.floor(Math.random() * charactersLength));
  }
  return result;
}
  let app = express();
  app.use('/test', (req, res, next) => {
    console.log("Delete cookie, header values:", req.headers);
    delete req.cookies;
    delete req.headers['cookie'];
    next();
  })
  app.use(session({
    genid: function(req) {
      console.log('Run to genid function', req.query);
      if (req.query.ssId) {
        return req.query.ssId;
      } else {
        return makeid(12);
      }
    },
    resave: false,
    saveUninitialized: false
  }));

  const router = express.Router()

  router.use('/test', (req, res, next) => {
    req.session.user_data={name: "cuong ta"};
    res.json({
      receive: true,
      sessionId: req.sessionID
    });
  })

Test with http://localhost/test?ssId=123456

+1
cuongtavan on Oct 8, 2019
Read more comments on GitHub
← session: Bug: Error on Google Cloud Functions
session: Cookie expiration date not being set correctly →