node.js, express, authentication, session, cookies

Issue with back button navigation after login in Node.js Express using sessions and cookies


I've implemented a basic login system using session and cookies in Node.js Express. After successful login, users are redirected to /home to see a welcome page. However, when users click the browser's back button from /home, they end up at the root route (/).

During an interview, the interviewer mentioned an error: "matching multiple routes while clicking on the back button," but I'm unsure how to address this. I don't understand the issue he mentioned.

Expected behavior: After visiting /home, when users click the back button, they should stay on the home page. In my application, when users double-click the back button, it goes back to the root route (/) and logs out.

Current issue: Users are logged out when they click the back button twice from /home, which redirects them to the root route (/).

Additional context: I am not seeing any errors in the console, and the interviewer didn't provide more details on the "matching multiple routes" issue. I'm looking for guidance on what might be causing this unexpected behavior and how to fix it.

Any help would be greatly appreciated. Thanks!


// Application setup: view engine, body parsers, session handling and the demo credentials.
const express = require('express');
const app = express();
const hbs = require('hbs');
const nocache = require('nocache');
const session = require('express-session');

// Registered before the session middleware, so files under public/ are served
// without any session lookup or login check.
app.use(express.static('public'));
app.set('view engine', 'hbs');
app.use(express.urlencoded({ extended: true }));
app.use(express.json());

// Session middleware. No `store` is given, so express-session falls back to its
// in-memory store, which is intended for development only.
app.use(session({
    // NOTE(review): the secret signs the session ID cookie. A short literal committed
    // to source should be replaced by a long random value loaded from configuration.
    secret: "xyz",
    saveUninitialized: false,
    // resave: true writes the session back to the store on every request, even when unmodified.
    resave: true,
    // secure: false lets the cookie travel over plain HTTP, which suits local testing on
    // port 3000. Set it to true once the app is served over HTTPS.
    cookie: { secure: false }
}));

// Sets response headers telling clients not to cache responses; presumably this is
// why the back button re-requests each page instead of showing a cached copy.
app.use(nocache());

// NOTE(review): demo credentials hard-coded in source and compared in plaintext by /verify.
// A real login would look up the user and verify a salted password hash.
const username = 'admin';
const password = 'admin@123';

// Root route: serves the home view to a logged-in user, otherwise the login view
// (with an error message when the previous login attempt failed).
app.get('/', (req, res) => {
    if (req.session.user) {
        // The home view is rendered under the URL '/', so '/' and '/home' both
        // serve the same page. This is the behaviour the question is about.
        res.render('home', { username: username });
    } else if (req.session.passwordwrong) {
        res.render('login', { msg: "invalid credentials " });
        // NOTE(review): the flag is cleared after render() is called, whereas the
        // /home handler clears it first. If the view engine finishes synchronously,
        // the response may end before this assignment. Confirm the flag is persisted.
        req.session.passwordwrong = false;
    } else {
        res.render('login');
    }
});

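/**
 * POST /verify: checks the submitted credentials against the configured pair.
 *
 * On success the session is regenerated before the user is stored in it, then
 * the client is redirected to /home. On failure the one-shot `passwordwrong`
 * flag is set and the client is redirected back to '/'.
 *
 * NOTE(review): the credentials are compared in plaintext against constants.
 * A real deployment would verify a salted password hash and rate-limit attempts.
 */
app.post('/verify', (req, res, next) => {
    // A missing body is treated as a failed login rather than throwing.
    const { username: suppliedName, password: suppliedPassword } = req.body ?? {};

    if (suppliedName === username && suppliedPassword === password) {
        // Issue a fresh session ID at the moment of login, so that an ID handed
        // out before authentication is never promoted to an authenticated session.
        req.session.regenerate((err) => {
            if (err) {
                return next(err);
            }
            req.session.user = suppliedName;
            res.redirect('/home');
        });
    } else {
        req.session.passwordwrong = true;
        res.redirect('/');
    }
});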

// GET /home: welcome page for a logged-in user. Anyone else gets the login
// view, with an error message if the previous login attempt failed.
app.get('/home', (req, res) => {
    const sess = req.session;

    // Authenticated: show the home view.
    if (sess.user) {
        res.render('home', { username: username });
        return;
    }

    // Not authenticated and no failed attempt pending: plain login form.
    if (!sess.passwordwrong) {
        res.render('login');
        return;
    }

    // Failed attempt pending: clear the one-shot flag, then show the error.
    sess.passwordwrong = false;
    res.render('login', { msg: "invalid credentials " });
});

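/**
 * GET /logout: destroys the server-side session, expires the session cookie in
 * the browser and shows the login view with a confirmation message.
 *
 * NOTE(review): logout changes state but is exposed over GET, so a cross-site
 * link or image request can trigger it. A POST with CSRF protection is the
 * usual hardening. The method is left unchanged here so existing links keep working.
 */
app.get('/logout', (req, res, next) => {
    // Wait for the store to confirm removal. Reporting "logged out" while the
    // session still exists server-side would be misleading.
    req.session.destroy((err) => {
        if (err) {
            return next(err);
        }
        // 'connect.sid' is express-session's default cookie name; the session()
        // configuration in this file does not override it.
        res.clearCookie('connect.sid');
        res.render('login', { msg: 'logged out' });
    });
});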

// Start the HTTP server and report once it is accepting connections.
app.listen(3000, () => {
    console.log('server running on port 3000');
});

Solution

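  • The cause is that the following code renders the home page at `/` instead of redirecting to `/home`.

    Change `res.render('home', ...)` to `res.redirect('/home')`. A logged-in user who navigates back to `/` is then sent to `/home` again, and the home page is only ever served from one URL.

    Look up `res.redirect` in the Express documentation to learn more.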

    // Before the fix: root route as posted in the question.
    app.get('/', (req, res) => {
    
        if (req.session.user) {
            // A logged-in user is served the home view under the URL '/',
            // so '/' and '/home' both show the same page.
            res.render('home', { username: username });
        } else if (req.session.passwordwrong) {
            res.render('login', { msg: "invalid credentials " });
            req.session.passwordwrong = false;
        } else {
            res.render('login');
        }
    });
    

    Change it to:

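    // Root route: sends a logged-in user to /home, otherwise shows the login
    // view (with an error message when the previous login attempt failed).
    app.get('/', (req, res) => {
        if (req.session.user) {
            // Redirect instead of rendering, so the home page is only ever
            // served from /home and '/' never duplicates it.
            res.redirect('/home');
        } else if (req.session.passwordwrong) {
            // Clear the one-shot flag before rendering, as the /home handler does.
            // If the view engine finishes synchronously, the response could otherwise
            // end before the assignment and the message would keep reappearing.
            req.session.passwordwrong = false;
            res.render('login', { msg: "invalid credentials " });
        } else {
            res.render('login');
        }
    });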