1

I'm trying to share the same session cookie across two express.js apps. I'm setting the same secret and same key id on both app configurations. Then I have them running on the same domain (different ports).

Both apps have the following in app.js:

app.use(express.cookieParser());
app.use(express.session({
  store: db.sessionStore,
  secret: 'samesecretforall',
  key: 'express.sid',
  cookie: {
    maxAge: null,
    path: "/",
    domain: ".localhost"
  }
}));

In theory they should share the same value for the session cookie right? What I'm seeing is that the value of the cookie "express.sid" changes as soon as I switch between my apps.

Am I missing something?

Alvaro
  • 40,778
  • 30
  • 164
  • 336
user313551
  • 355
  • 4
  • 15
  • Have you checked to see what is sent (Cookie header) by your browser for both apps? Does it not send the same value to both? What if you try using `domain: "127.0.0.1"` or just removing the `domain` property altogether? – mscdex Jun 26 '14 at 21:45
  • I just tried both with 127.0.0.1 and without domain. There was no difference. Also the browser send the same cookie for both apps just different value (the value gets overwritten as soon as I switch from one app to the other). – user313551 Jun 26 '14 at 21:55
  • What session storage do you use for `store` (what is `db.sessionStore`) ? – t.niese Jun 26 '14 at 22:07
  • MongoDB (connect-mongo). I've also tried using memory with no luck. – user313551 Jun 26 '14 at 22:13
  • 1
    That memory would not work is logical, as the session then would only exists in the memory of the corresponding app. I asked to make sure that you did not choose another in memory storage. – t.niese Jun 26 '14 at 22:21
  • Put a small middleware right above and bellow the cookieParser and try to log the cookie that you get? Just to make sure you're getting the same cookie and that cookie parser isn't changing it? – Zlatko Jun 27 '14 at 11:21

0 Answers0