
express-session is not setting an ID on my sessions


I'm trying to use express-session to keep track of user sessions on arcade.ly. I haven't specified a value for genid because I'm happy (for now) to stick with the default ID generation. The problem is that no ID is being generated for my session.

Here's an example that I've captured in my server implementation by stringifying req.session:

info: Session info: {"cookie":{"originalMaxAge":31535989265,"expires":"2018-07-31T21:30:05.827Z","secure":false,"httpOnly":true,"path":"/","sameSite":"lax"}}

As you can see, it's all good apart from the absence of the ID. I absolutely need an ID because I want to be able to associate certain information, such as the user starting a game, ending a game, their final score, with that session, and I want to associate it regardless of whether they logged in or not.

If they choose to log in later to record their scores then I can associate that login with their session, but forcing them to log in up-front sucks as a user-experience.

My code looks like this:

let cookieExpiry = new Date();
cookieExpiry.setFullYear(cookieExpiry.getFullYear() + 1);
let sessionOptions = {
    cookie: {
        path: '/',
        httpOnly: true,
        secure: false,
        maxAge: null,
        expires: cookieExpiry,
        sameSite: 'lax',
    },
    name: 'arcadely.sid',
    resave: false,
    saveUninitialized: false,
    secret: sessionSecret.secret
};

//  In production we want to use secure cookies
if (!debugging.isDebugging()) {
    app.set('trust proxy', 1);  //  Required for secure cookie to work behind Cloudflare
    sessionOptions.cookie.secure = true;
    sessionOptions.proxy = true;
}

app.use(session(sessionOptions));
app.use(cookieParser());
app.use(bodyParser.json());
// app.use(passport.initialize());
// app.use(passport.session());

//  Dynamic content
app.get('/', homepages.serveOrRedirect);

app.get(/^\/star-castle\/?$/, (req, res) => { res.redirect(301, '/games/starcastle/'); });
app.get(/^\/games\/asteroids\/?$/, games.loadAsteroids);
app.get(/^\/games\/space-invaders\/?$/, games.loadSpaceInvaders);
app.get(/^\/games\/starcastle\/?$/, games.loadStarCastle);

Bearing in mind that I'm looking at this on a debug build of my site, why am I not seeing any session ID in the session object? If it's not stored in there where is it stored and how do I get it?

(The passport stuff is because ultimately I want to plug in passport login but, for now, I've commented it out just to eliminate it from enquiries, as it were. Also, sessionSecret.secret is just a big random string stored in another file for convenience.)

Any help greatly appreciated.

Many thanks,

Bart


Solution

  • It turns out that the problem is I am a moron. Re-reading the docs at https://github.com/expressjs/session shows me that req.session.id is actually an alias of req.sessionID. If I query the latter then I get my desired session ID and we're all good.
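
Why the stringified session in the question shows no ID, as an added example that is not part of the original post or of express-session's own code: `makeSession` is a simplified stand-in that assumes express-session attaches `id` with `Object.defineProperty` (so it is non-enumerable), and `sessionLogRecord`, `sampleRequest` and the session ID value are hypothetical names and constructed data. The helper also logs a digest rather than the raw ID, since the ID is what the cookie authenticates with.

```javascript
const crypto = require('crypto');

// Simplified stand-in for express-session's Session object (an assumption
// made for this example): `id` is attached with Object.defineProperty, so it
// is non-enumerable and skipped by JSON.stringify and Object.keys.
function makeSession(req, data) {
    const sess = Object.assign({}, data);
    Object.defineProperty(sess, 'id', { value: req.sessionID });
    return sess;
}

// Build a log record that identifies the session without writing the raw ID
// to the log. The SHA-256 digest is stable for a given session, so events
// (game start, game end, final score) can still be correlated on it.
function sessionLogRecord(req) {
    const digest = crypto.createHash('sha256').update(req.sessionID).digest('hex');
    return {
        sessionRef: digest.slice(0, 16),
        cookie: req.session.cookie,
    };
}

// Constructed request object; the sessionID value is made up for the example.
function sampleRequest() {
    const req = { sessionID: 'constructed-session-id-0001' };
    req.session = makeSession(req, {
        cookie: { path: '/', httpOnly: true, secure: false, sameSite: 'lax' },
    });
    return req;
}

const demoReq = sampleRequest();
// Stringifying the session reproduces the question's symptom: only "cookie".
console.log('Session info:', JSON.stringify(demoReq.session));
// The ID is still reachable through either name.
console.log('id aliases sessionID:', demoReq.session.id === demoReq.sessionID);
// Log record that carries a session reference instead of the ID itself.
console.log('Log record:', JSON.stringify(sessionLogRecord(demoReq)));
```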