I am doing a post request from my server to another server and for it i'm using the library https://github.com/request/request.
So, I use the next code:
router.post('/extern/*', function(req, res, next) {
var path = req.params['0'];
var input = req.body.text;
var encript = crypto.encrypt(input);
request.post(config.petitionServer + path).form({data: encript}).pipe(res)
});
The session has been initialized before calling this post, but when it executes, the session is reseted. So, in this case, I lose the csrf code from the session var.
The error is in the 'pipe' function, because if I call it I lose the session, not in other case, but I need to use it.
How can I use the pipe function without lose the actual session?
I founded the solution and it was my bad.
Session is in req.session and the petition server was using also the express-session module. When request was received by petition server, this one replaced the session var by the one of the petition server.
The solution was to remove express-session module from petition server.
Anothe solution could be manage the session from the host server preventing to replace it. But I didnt do it