I've been trying to use connect-redis to use express session store with AWS Elasticache. The redis server at AWS I used is using Encryption in-transit, encryption at-rest and Redis AUTH token.
i am using Passport with local strategy to authenticate users
This is how it looks in app.js when I configure it:
const express = require('express'),
app = express(),
session = require('express-session'),
awsHandler = require('./awsHandler'),
passport = require('passport'),
....
....
awsHandler.retrieveServiceCredentials('session').then(keys => {
let secret = keys.session_key;
let redis_auth = keys.redis_auth;
const redis = require('redis');
const redisClient = redis.createClient({
host: 'master.redis-connect.abcd.efg.cache.amazonaws.com',
port: REDIS_PORT,
auth_pass: redis_auth,
tls: { checkServerIdentity: () => undefined }
});
const redisStore = require('connect-redis')(session);
app.use(session({
secret: secret,
resave: false,
saveUninitialized: false,
store: new redisStore({
client: redisClient
})
}));
});
....
....
app.use(passport.initialize());
app.use(passport.session());
The thing is I try to connect to my website, and I get no req.session or req.user (when before using SQLite with connect-sqlite3 package, I had req.user after logging in).
I noticed nothing gets stored in redis, when I connect to the Redis Server and type KEYS * there are no keys. However, when I try to set a key in the Redis server hardcoded in app.js with:
redisClient.set('key', 'value')
It IS setting the key and value in the server (when typing KEYS * we can see it there). So I do successfully establish connection to the redis server with the client library, however, it seems something happens there that I don't configure properly so the sessions gets stored in the Redis.
I am on AWS environment (Elastic Beanstalk, Elasticache).
hank you for reading and helping!
Best regards.
I solved it, it was a problem in my code : the awsHandler.retrieveServiceCredentials is an async function, and called after couple seconds. In the flow, it was already initializing everything in the app (initializing passport session, defining routes, starting the node server to listen on port, etc...), and because the retrieveServiceCredentials returned later than that, the order was wrong, and it initialized everything in the app before we used app.use(prodSessionMiddleware), so therefore the session not included in the app.
We set an interval every second, and check a boolean if the 'then' was called, if it was called, we clear the interval and continue with our life :)