0

This is giving me a huge headache. The CSRF cookie is working correctly, but I seem to have broken something and cannot get the sessions to start. Any help would be appreciated.

EDIT: I forgot to mention, I am using Nginx as a reverse proxy server which is forwarding to my Node server which is accepting all requests from Nginx with HTTPS, as I heard you need to in order to have secure sessions.

var express = require('express'),
    path = require('path'),
    cookieParser = require('cookie-parser'),
    session = require('cookie-session'),
    csrf = require('csurf'),
    bodyParser = require('body-parser');

var app = express();

app.enable('trust proxy', 1);
app.use(session({
  secret: 'supersecret!',
  name: 'session_id'
}));
app.use(cookieParser('supersecret!'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
  • Hard to tell what the issue is from this snippet, but just want to point out that sending the CSRF token via cookie isn't the safest way of doing things; either do server-side rendering with the CSRF token, or use JSON Web Tokens. Using a cookie can be exploited if any routes/subdomains aren't on SSL – Saad Dec 12 '15 at 08:54
  • Thanks for the tip, I'll fix that. Are there any other snippets I can give? And they are on SSL, running through Nginx – Aiden Wallis Dec 12 '15 at 11:55
  • I fixed the issue, don't worry. – Aiden Wallis Dec 12 '15 at 12:03

1 Answer

0

I fixed the issue, just so everyone knows. Very simple, actually.

I switched to express-session and set it up as it says in the docs and now everything is working perfectly! Thanks for the help everyone!
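
An express-session setup of the kind the answer describes, as an added example (not the poster's code and not copied from the express-session docs). It assumes Nginx terminates TLS and sends X-Forwarded-Proto; the SESSION_SECRET and PORT variable names and the /form and /submit routes are made up for illustration. The CSRF token is rendered into the form instead of being sent as a cookie, as the comment on the question suggests.

```javascript
// Added example: express-session behind a TLS-terminating Nginx proxy.
// SESSION_SECRET and PORT are assumed environment variable names.

// Build the express-session options; refuse to start with a weak secret.
function sessionOptions(env) {
  const secret = env.SESSION_SECRET;
  if (!secret || secret.length < 32) {
    throw new Error('SESSION_SECRET must be set to at least 32 characters');
  }
  return {
    secret,                    // read from the environment, not hard-coded
    name: 'session_id',        // cookie name used in the question
    resave: false,             // do not rewrite unmodified sessions
    saveUninitialized: false,  // no cookie until something is stored
    cookie: { secure: true, httpOnly: true, sameSite: 'lax' }
  };
}

function createApp(env) {
  const express = require('express');
  const session = require('express-session');
  const csrf = require('csurf');
  const app = express();

  // Trust the first proxy hop so Express reads X-Forwarded-Proto from Nginx
  // (Nginx side: proxy_set_header X-Forwarded-Proto $scheme;). Without this,
  // a proxied request looks like plain HTTP and the Secure cookie is not set.
  app.set('trust proxy', 1);
  app.use(express.urlencoded({ extended: false }));
  app.use(session(sessionOptions(env)));
  app.use(csrf());             // default mode keeps the CSRF secret in req.session

  // Token rendered into the page server-side instead of sent as a cookie.
  app.get('/form', (req, res) => {
    req.session.views = (req.session.views || 0) + 1;
    res.send('<form method="post" action="/submit">' +
      '<input type="hidden" name="_csrf" value="' + req.csrfToken() + '">' +
      '<button>Send</button></form>');
  });
  app.post('/submit', (req, res) => res.send('views: ' + req.session.views));
  return app;
}

// Starts only when PORT is set, e.g. PORT=3000 SESSION_SECRET=... node app.js
if (process.env.PORT) createApp(process.env).listen(process.env.PORT);
```

The default in-memory session store is meant for development; a production deployment would pass a `store` option as well.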