0

Running my third party js app, it has seen so weird when play with session on the IE . From here no problem using Chrome, FF and Safari.

My apps has the following design:

Any client can use my third party js code.

So, this widget.js just does a call for my app node using express. This widget.js is a IIFE where on my app get the request and create the session using the code: app.js

var emptygif = require('emptygif');
var express = require('express');
var uuid = require('node-uuid');
var expressSession = require('express-session');
var app = express();

app.set('trust proxy', 1)
app.use(expressSession({
  genid: function(req) {
    return uuid.v4(); // use UUIDs for session IDs
  },
  secret: '1234567890QWERTY',
  cookie: { expires: new Date(Date.now() + 900000) },
  secure: false,
  httpOnly: true
}));

app.use(function(req, res, next) {
    res.header('Access-Control-Allow-Credentials', true);
    res.header('Access-Control-Allow-Origin', '*');
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
    res.header('Access-Control-Allow-Headers', 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');

    next();
});

app.get('/widget.js', function(request, response){

    response.sendfile('widget.js');

});

app.get('/ping', function(req, res) {

    var msg_out = load(req);

    console.log( msg_out );

    emptygif.sendEmptyGif(req, res, {
        'Content-Type': 'image/gif',
        'Content-Length': emptygif.emptyGifBufferLength,
        'Cache-Control': 'public, max-age=0' // or specify expiry to make sure it will call everytime
    });

});

function load(req){

    var msg = {
        user_token: req.session.token_bility,
        time_stamp: new Date(),
        user_agent: req.headers['user-agent'],
        language: req.headers["accept-language"],
        referrer: req.headers['referer']
    }

    return msg;
}

app.listen();

widget.js

(function(window, undefined) {

    var _jq;

    function drawWidget() {
        console.log('drawing');
    }

    function loadSupportingFiles(_url,callback) {
        var path = 'http://myserver/' + _url;
        var oImg=document.createElement("img");
        oImg.setAttribute('src', path);
        var body = document.getElementsByTagName('body')[0];
        body.appendChild(oImg);
        callback();
    };

    function scriptLoadHandler() {
        console.log('loading pixel');
    }


    loadSupportingFiles('ping', function() {
        scriptLoadHandler();
    });

})(window);

I already have done some searching by google for this questions but still without solution. I will share with pleajure about any hint and knowledge from how to fix this.

Pay attention:

I forgotte to say some keys informations. The token has been generated well for all browsers (IE, Chrome, FF and Safari). But each hint for the server generate different tokens only for IE. The behavior shows that IE expires every request.

IIFE ref. https://en.wikipedia.org/wiki/Immediately-invoked_function_expression

user1404404
  • 45
  • 1
  • 9

1 Answers1

0

Solution After trying some parameters options this resolved.

  cookie: { maxAge: 60*10000 },
  secure: false,
  httpOnly: true

I changed to maxAge instead expires.

These links helped me.
How to keep session in expressjs to not expire
http://mrcoles.com/blog/cookies-max-age-vs-expires/

Community
  • 1
  • 1
user1404404
  • 45
  • 1
  • 9
  • This shouldn't be anything to do with IE. Was it only IE that wasn't working/ and could you get it to work fine in Chrome _without_ the maxAge? – Matt Fletcher Jan 12 '21 at 10:58