Search code examples

Compound/Express JS: Multiple sessions per user

I have an app that is creating 2 sessions for each user. I have located the source of the issue, but I do not fully understand why it's happening and how to fix it. Let's say I scaffold an example app like so:

compound init blah
cd blah
npm install
npm install connect-mongo
compound g c mytest

Make config/environment.js look like this:

module.exports = function (compound) {
  var express = require('express');
  var app =;
  var secret = 'secret';  // Need this to check if there's been tampering with the session
  var MongoStore = require('connect-mongo')(express);
  app.sessionStore = new MongoStore({
    url: 'mongodb://localhost/development'
  app.cookieParser = express.cookieParser(secret);

  app.configure(function() {
    app.use(express.static(app.root + '/public', { maxAge: 86400000 }));
    app.set('jsDirectory', '/javascripts/');
    app.set('cssDirectory', '/stylesheets/');
    app.set('cssEngine', 'stylus');
      secret: secret,
      store: app.sessionStore,
      cookie: {
        maxAge: 86400000 // 24 hour session

And in the app/controllers/mytests_controller.js file, modify it to have this:

action('getMe', function(data) {
  return send({success: true, data: 'got you!'});

action(function index(data) {
  console.log(data.req.session);  // has session data
  var http = require('http');
  var options = {
    host: 'localhost',
    port: 3000,
    path: '/getMe'
  //return send({success: true});
  http.get(options, function(res) {
    var data = '';
    res.on('data', function(chunk) {
      data += chunk;
    res.on('end', function() {
      data = JSON.parse(data);
      if (data) {
        return send({success: true, data: data});
      else {
        return send({success: false, data: 'data is undefined'});

Update routes.js:

exports.routes = function (map) {
    map.get('getMe', 'mytests#getMe');

    // Generic routes. Add all your routes below this line
    // feel free to remove generic routes

When I navigate to localhost:3000/mytests, and crack open the Mongo database, I see 2 sessions created. If I uncomment that return in the index, I only get 1 session created, so it's clearly the http.get, but maybe I'm misunderstanding something else? Can anyone explain what's going on?

Ideally, I just want me browsing to /mytests to make a session and not any subsequent calls it makes.

Note: I realize this example is pretty dumb with the /getMe endpoint just returning some JSON, but in my actual app, it's doing a bit more and making a service call.

Cross-posted from the CompoundJS and Express Google Groups.


  • I don't like this answer, but I figured I'd post my quick fix for the time being:

    I'm setting a credentials field in the user's session, so what I'm doing is just checking to see if credentials exists in the /getMe session. If it doesn't, delete the session. Here's the updated code:


    action('getMe', function(data) {
      // Added this part
      var session = data.req.session;
      if (session && !session.credentials) {
      return send({success: true, data: 'got you!'});
    action(function index(data) {
      // Added this part
      var session = data.req.session;
      if (session) {
        session.credentials = "blah blah blah";
      var http = require('http');
      var options = {
        path: '/getMe',
        host: 'localhost',
        port: 3000
    //  return send({success: true});
      http.get(options, function(res) {
        var data = '';
        res.on('data', function(chunk) {
          data += chunk;
        res.on('end', function() {
          data = JSON.parse(data);
          if (data) {
            // make call for proper config file based on cookie.role
            return send({success: true, data: data});
          else {
            return send({success: false, data: 'data is undefined'});

    Like I said, it's not ideal, so I would love to hear other answers... maybe if there's a way to send a session through an http.get or even telling the http.get to not create a session would be awesome.