Search code examples
node.jsexpressauthenticationexpress-session

Express-Session any changes made to session variables are not saved across the routes

This is a frequently asked question on stack overflow, I have checked many posts but that didn't work. I am attempting to make a login page, saving the User_id (after successful login) in the session variable then using that variable to check whether a user is logged in or not. The later part i am trying to implement it in a middle ware.

However my changes are not saved across the routes. Example:-

This is my login route (where I am storing user_id in session session)

router.post("/login", function(req,res){
User.findOne({EnrollNumber: req.body.EnrollNumber}, function(err, user){
    if(err|| !user ||!(bcrypt.compareSync(req.body.password, user.password))){
        console.log("Incorrect Email Password");
    }else{
        console.log("Login is successfull");
        //Setting Up the session
        req.session.userId= user._id;
        console.log(req.session.userId);
    }
    console.log(req.session);
});
res.redirect("/forum");

Output of console.log(req.session) here is

Session {
 cookie: { path: '/', _expires: null, 
  originalMaxAge: null, httpOnly: true },
  userId: 5eb3892938...
}

My middleware

    var middlewareObj ={}
    middlewareObj.isLoggedIn= function(req,res,next){
    console.log("My Session variable is");
    console.log(req.session);
    if(req.session.userId){
        console.log("Session variable is set");
        return next();
    }
    console.log("User is not logged in");
    res.redirect("/login");
}
module.exports = middlewareObj;

Output Here is

    My Session variable is
Session {
  cookie: { path: '/', _expires: null, originalMaxAge: null, httpOnly: true }
}
User is not logged in

As a result I cannot access those pages even though I have loged in.

My app.js

var express = require("express");
var app = express();
var bodyParser = require("body-parser");
var mongoose = require("mongoose");
var methodOverride = require("method-override");
var session = require('express-session');

//Requiring Routes
var forumRoutes = require("./routes/forums");
var threadRoutes = require("./routes/threads");
var indexRoutes = require("./routes/index");
var commentRoutes= require("./routes/comments");  
mongoose.connect("mongodb://localhost/Project_forum");
app.use(bodyParser.urlencoded({ extended: true }));
app.set("view engine", "ejs");
app.use(express.static(__dirname + "/public"));
app.use(methodOverride("_method"));
app.use(session({
   resave: false, // don't save session if unmodified
   saveUninitialized: false, // don't create session until something stored
   secret: 'shhhh, very secret lubba wubba dubba etc etc'
 }));  
app.use("/", indexRoutes);
app.use("/forum", forumRoutes);
app.use("/forum/:id/thread", threadRoutes);
app.use("/forum/:id/thread/:id/comments", commentRoutes);


app.listen(8000, function () {
   console.log("The forum Server Has Started!");
});
Solution

  • Change your login route to this:-

        router.post("/login", function(req,res){
User.findOne({EnrollNumber: req.body.EnrollNumber}, function(err, user){
    if(err|| !user ||!(bcrypt.compareSync(req.body.password, user.password))){
        console.log("Incorrect Email Password");
        res.redirect("someplace");
    }else{
        console.log("Login is successfull");
        //Setting Up the session
        req.session.userId= user._id;
        console.log(req.session.userId);
        res.redirect("Some Another place (i.e ur secret page)");
    }
});

    Adding res.send/redirect just after session change will save it.