express-socket.io-session: Bug when socket.io connects before first HTTP connection

Hi, I discovered a bug (or maybe just a weird unexpected behavior) with this module.

Description:

When socket.io connects before express.js gets one HTTP request, socket.io gets a new session ID every time it reconnects. As soon as one HTTP request reaches the server, the session ID is static. This leads to unexpected behavior when a socket reconnects after a server restart or network problem.

Code to reproduce:

// bug.js
var app = require('express')(),
    server  = require("http").createServer(app),
    io = require("socket.io")(server),
    session = require("express-session")({
        secret: "my-secret",
        resave: true,
        saveUninitialized: true
    }),
    sharedsession = require("express-socket.io-session");

// Attach session
app.use(session);

app.get('/', function (req, res) {
    console.log('express id: ' + req.session.id);
    res.sendFile(__dirname + '/bug.html');
});

// Share session with io sockets
io.use(sharedsession(session));

io.on("connection", function(socket) {
    console.log('socket.io id: ' + socket.handshake.session.id);        
});

server.listen(3000);

<!--bug.html-->
<!DOCTYPE html>
<html>
<head>
    <title></title>
    <script src="/socket.io/socket.io.js"></script>
    <script>
        var socket = io('http://localhost:3000', {
            reconnection: false
        });
        function httpGet() {
            var xmlHttp = new XMLHttpRequest();
            xmlHttp.open( "GET", 'http://localhost:3000', false );
            xmlHttp.send( null );
            return xmlHttp.responseText;
        }
    </script>
</head>
<body>
    <button onclick="socket.disconnect();">disconnect</button>
    <button onclick="socket.connect();">connect</button>
    <button onclick="httpGet();">http</button>
</body>
</html>

Steps to reproduce:

  1. node bug
  2. Load http://localhost:3000 in browser
  3. ^C (close node)
  4. node bug
  5. Click on connect
  6. Click on HTTP
  7. Click on disconnect
  8. Click on connect

Example Log Output using the above steps:

>node bug
express id: eesau4KnEaNBu9dxc-sd-AsWxOC2pkmx
socket.io id: eesau4KnEaNBu9dxc-sd-AsWxOC2pkmx
^C
>node bug
socket.io id: unGp5Xct-q0sYJQanm5G4R40kBOad6do
express id: N8eXurfyMeqMsIJDf5azw7ZYCwnJkzuy
socket.io id: N8eXurfyMeqMsIJDf5azw7ZYCwnJkzuy

About this issue

  • Original URL
  • State: open
  • Created 9 years ago
  • Reactions: 2
  • Comments: 20 (4 by maintainers)

Most upvoted comments

Weird things happened. when using var socket = io('http://localhost:3000') or var socket =io('/') in the client html ,sock.io session id is differing from express and will change after refresh. however when using var socket=io() suddenly everything is right in place

+5
wywzxxz on Sep 11, 2016

I was having the same issue. I had to send a dummy ajax request to the express server to trigger the session creation in the browser. Then I run the socket = io(server_endpoint); in the ajax callback . It seems to be all working fine.

+1
islei on Aug 7, 2018

It is because socket.io doesn’t make a new http request therefore the session data isn’t available as express doesn’t send the session forward. If you don’t refresh the http connection socket.io will still connect behind the scene skipping express.

Perhaps if session id doesn’t match in the above example, do http() then connect() to refresh the session through express?

+1
adam4813 on Nov 22, 2017
Read more comments on GitHub
← docker-phpLDAPadmin: Parse error: syntax error, unexpected '}' in /container/service/phpldapadmin/assets/config.php on line 68
express-socket.io-session: Express socket io session no longer sharing sessions with express →