
Session doesn't work as expected


import * as express from 'express';
import * as session from 'express-session';
import * as bodyParser from 'body-parser';

const app: express.Express = express();

// Parse JSON request bodies before any route runs.
app.use(bodyParser.json());
// NOTE(review): the cookie-signing secret is a fixed literal in source; outside a throwaway demo it
// should come from configuration kept out of the repository. saveUninitialized: true also stores a
// session for requests that never set any session data. cookie.maxAge is in milliseconds (60000 = 1 minute).
app.use(session({
  secret: 'secret', resave: true,
  saveUninitialized: true, cookie: { maxAge: 60000 }
}));

// Marks the current session as logged in. No credentials are checked, and the existing session
// (and its ID) is reused rather than regenerated.
app.post('/login', (req, res) => {
  req.session.username = 'test';
  res.send('login successfull');
});

// Blanks the username but keeps the session itself alive; the response text then appends the
// now-undefined username.
app.post('/logout', (req, res) => {
  req.session.username = undefined;
  res.send('logged out successfully ' + req.session.username);
});

// Catch-all registered after /login and /logout and before /protected, so it runs for every request
// those two routes did not already answer.
// NOTE(review): the if-branch calls next() without returning, so execution falls through to
// res.send() and a second next(). A logged-in request therefore reaches the downstream handler AND
// this response, and a logged-out request is answered here and then still passed on to /protected.
// NOTE(review): username will also be undefined here if the client does not send the session cookie
// back on the follow-up request — confirm the client keeps cookies between calls.
app.all('*', (req, res, next) => {
  console.log('should not be undefined ' + req.session.username);
  if (req.session.username !== undefined) {
    next();
  }
  res.send('username = ' + req.session.username);
  next();
});

// Intended to be reachable only with a logged-in session; it relies on the catch-all above for that.
app.post('/protected', (req, res) => {
  res.send('protected content')
})

app.listen(3000, () => { console.log('Server started on port 3000!'); });

The problem is that after a successful login, req.session.username is still undefined in the other path (app.all('*')...). I included the entire code. Pls HELP, I've been stuck for days...


Solution

  • import * as express from 'express';
    import * as session from 'express-session';
    import * as bodyParser from 'body-parser';
    
    // Express application instance that the middleware and routes below attach to.
    const app = express();
    
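    /**
     * Builds a per-route authorization middleware.
     *
     * The returned handler passes the request on only when the session carries a username.
     * Any other request is answered with HTTP 403 and the chain stops there, so the protected
     * handler never runs for it.
     *
     * @returns an Express-style (req, res, next) middleware
     */
    function is_allowed() {
        return (req, res, next) => {
            if (req.session.username !== undefined) {
                next();
                return;
            }
            // res.send(403) is the deprecated numeric form (unsupported in Express 5);
            // sendStatus sets the status code explicitly and ends the response.
            res.sendStatus(403);
        };
    }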
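    // Parse JSON request bodies before any route runs.
    app.use(bodyParser.json());

    // The secret signs the session ID cookie. A literal committed to source gives that signature no
    // protective value, so read it from the environment and refuse to start without it.
    // SESSION_SECRET is a name chosen for this example.
    const sessionSecret = process.env.SESSION_SECRET;
    if (!sessionSecret) {
        throw new Error('SESSION_SECRET must be set');
    }
    app.use(session({
        secret: sessionSecret,
        resave: true,
        // Do not create a session (or send a cookie) for visitors who never set session data.
        saveUninitialized: false,
        cookie: {
            maxAge: 60000, // milliseconds: the cookie lives for one minute
            httpOnly: true, // keep the cookie out of reach of page scripts
            sameSite: 'lax', // do not attach the cookie to cross-site POSTs
            // secure: true, // enable once the app is served over HTTPS
        },
    }));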
    
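    // Demo login: no credentials are verified before the session is marked as logged in.
    app.post('/login', (req, res, next) => {
        // Switch to a fresh session ID at login so an ID handed out before authentication
        // is not carried over into the authenticated session (session fixation).
        req.session.regenerate((err) => {
            if (err) {
                next(err);
                return;
            }
            req.session.username = 'test';
            res.send('login successfull');
        });
    });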
    
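    // Ends the session on the server instead of only blanking one field, so the old session ID
    // stops being accepted.
    app.post('/logout', (req, res, next) => {
        req.session.destroy((err) => {
            if (err) {
                next(err);
                return;
            }
            // 'connect.sid' is express-session's default cookie name; adjust if a custom name is configured.
            res.clearCookie('connect.sid');
            // The original appended req.session.username here, which was always undefined at this point.
            res.send('logged out successfully');
        });
    });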
    
    // Attach the guard per route: is_allowed() runs first and only hands over to the
    // handler when the session has a username.
    app.post('/protected', is_allowed(), (_req, res) => {
        res.send('protected content');
    });

    // Start listening and report once the server is up.
    app.listen(3000, () => {
        console.log('Server started on port 3000!');
    });