NodeJS, docker, nginx - req.flash() requires sessions

Question

I have a problem with my Node application behind nginx.

On the begining, I will explain infrastructure:

NGINX => (prox_pass) => Docker (expose port to host) => Node APP

Application runs good, but I have problem with connect-flash (I use it with PassportJS). I've got error:

req.flash() requires sessions

On my local computer I don't have any problems (I ran as production env). So probably the problem could be on nginx side.

I discovered that cookie session is not store on browser, so that req.flash() requires session. I don't use session.destroy and I put use session config before passport session and flash.

Here is part of server.js code (I've tried different configs: secrets, resave, saveUninitialized ; different order ; also I commented out if NODE_ENV_PRODUCTION - doesn't work ) :

app.use(bodyParser.urlencoded({extended: true}));
app.use(bodyParser.json());
app.use(express.static(__dirname + '/public'));

app.use(cookieParser());


const store = new RedisStore({
  client: redisClient
});

const sessionConfig = {
  secret: 'keyboard cat',
  resave: true,
  saveUninitialized: true,
  cookie: {
    maxAge: 1000 * 60 * 60 * 24 * 7 // 1 week
  },
  store: store,
};


if (NODE_ENV_PRODUCTION) {
  app.set('trust proxy', 1);
  app.use(compression());
  sessionConfig.cookie.httpOnly = true;
  sessionConfig.cookie.secret = 'Uc7gv6L397H6';
}
app.use(session(sessionConfig));

require('./modules/user/server/passport');
app.use(passport.initialize());
app.use(passport.session());


app.use(flash());

And NGINX config:

server {
    server_name DOMAIN_NAME;
    client_max_body_size 0;

    location / {
        auth_basic "Restricted";
        auth_basic_user_file /.htpasswd;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_cache_bypass $http_upgrade;
        proxy_buffering off;
        proxy_pass http://127.0.0.1:8989/;
    }
}

In logs I can see this:

{"message":"req.flash() requires sessions","stack":"Error: req.flash() requires sessions\n at IncomingMessage._flash [as flash] (/var/www/application/node_modules/connect-flash/lib/flash.js:60:41)\n at ctrl.login (/var/www/application/src/modules/user/server/controllers/login.js:17:16)\n at Layer.handle [as handle_request] (/var/www/application/node_modules/express/lib/router/layer.js:95:5)\n at next (/var/www/application/node_modules/express/lib/router/route.js:131:13)\n at Route.dispatch (/var/www/application/node_modules/express/lib/router/route.js:112:3)\n at Layer.handle [as handle_request] (/var/www/application/node_modules/express/lib/router/layer.js:95:5)\n at /var/www/application/node_modules/express/lib/router/index.js:277:22\n at Function.process_params (/var/www/application/node_modules/express/lib/router/index.js:330:12)\n at next (/var/www/application/node_modules/express/lib/router/index.js:271:10)\n at Function.handle (/var/www/application/node_modules/express/lib/router/index.js:176:3)\n at router (/var/www/application/node_modules/express/lib/router/index.js:46:12)\n at Layer.handle [as handle_request] (/var/www/application/node_modules/express/lib/router/layer.js:95:5)\n at trim_prefix (/var/www/application/node_modules/express/lib/router/index.js:312:13)\n at /var/www/application/node_modules/express/lib/router/index.js:280:7\n at Function.process_params (/var/www/application/node_modules/express/lib/router/index.js:330:12)\n at next (/var/www/application/node_modules/express/lib/router/index.js:271:10)","level":"error","timestamp":"2017-08-01T21:17:49.367Z"}

Node version is 8.2.1

Nginx version is 1.6.2

RESOLVED

I've found a solution - problem was with connect. I use redis as storage and I connected to localhost instead of linked redis

Check your browser and post the details of the cookies returned. Or do a `curl -v ` and post the results of your URL which would set the cookies — Tarun Lalwani, Aug 02 '17 at 10:00
Here is what curl return. I trimmed with site content and split to 2 comments: `curl --user user:pass -v http://URL_APP * Hostname was NOT found in DNS cache * Trying HSOT_IP... * Connected to URL_APP (HSOT_IP) port 80 (#0) * Server auth using Basic with user 'user' > GET /user/login HTTP/1.1 > Authorization: Basic ZGFtaWFuOmR3cHJvamVjdA== > User-Agent: curl/7.38.0 > Host: URL_APP > Accept: */* > < HTTP/1.1 500 Internal Server Error * Server nginx/1.6.2 is not blacklisted < Server: nginx/1.6.2 < Date: Wed, 02 Aug 2017 09:05:58 GMT < Content-Type: text/html; charset=utf-8` — IceManSpy, Aug 02 '17 at 10:12
`< Content-Length: 4877 < Connection: keep-alive < X-DNS-Prefetch-Control: off < X-Frame-Options: SAMEORIGIN < X-Download-Options: noopen < X-Content-Type-Options: nosniff < X-XSS-Protection: 1; mode=block < ETag: W/"130d-MneDpRiZ8jT7EuVTuqDm5A"` — IceManSpy, Aug 02 '17 at 10:13
It's everything which I got from curl. I think, that problem is with set cookie, but I don't know why... — IceManSpy, Aug 02 '17 at 10:20
Try the same `curl -v` on http://127.0.0.1:8989/ and see if there you get the Set-Cookie — Tarun Lalwani, Aug 02 '17 at 10:23
I've run from host, where app runs on docker and result is similar: `curl -v 127.0.0.1:8989 * Rebuilt URL to: 127.0.0.1:8989/ * Hostname was NOT found in DNS cache * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 8989 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.38.0 > Host: 127.0.0.1:8989 > Accept: */* > < HTTP/1.1 200 OK < X-DNS-Prefetch-Control: off < X-Frame-Options: SAMEORIGIN < X-Download-Options: noopen < X-Content-Type-Options: nosniff` — IceManSpy, Aug 02 '17 at 10:39
`< X-XSS-Protection: 1; mode=block < Content-Type: text/html; charset=utf-8 < Content-Length: 7062 < ETag: W/"1b96-CmpIgqWiW/9R8GTGWs6qKg" < Date: Wed, 02 Aug 2017 09:31:25 GMT < Connection: keep-alive <` — IceManSpy, Aug 02 '17 at 10:39
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/150808/discussion-between-tarun-lalwani-and-icemanspy). — Tarun Lalwani, Aug 02 '17 at 10:40
I've tested standalone - run application on host, behind nginx proxy_pass - it works. So probably the problem is with docker. `curl -v URL_APP/user/login * Hostname was NOT found in DNS cache * Trying IP... * Connected to URL_APP (IP) port 80 (#0) > GET /user/login HTTP/1.1 > User-Agent: curl/7.38.0 > Host: URL_APP > Accept: */* > < HTTP/1.1 200 OK * Server nginx/1.6.2 is not blacklisted < Server: nginx/1.6.2 < Date: Wed, 02 Aug 2017 03:15:16 GMT` — IceManSpy, Aug 02 '17 at 12:35
`< Content-Type: text/html; charset=utf-8 < Content-Length: 8618 < Connection: keep-alive < X-DNS-Prefetch-Control: off < X-Frame-Options: SAMEORIGIN < X-Download-Options: noopen < X-Content-Type-Options: nosniff < X-XSS-Protection: 1; mode=block < ETag: W/"21aa-U1z3xHaLkDWW+wh2PAbkVA" < set-cookie: connect.sid=s%3AalOPsiFUF0KOyoRG8ZQUvOKAh2UYaylm.WKgfrO6Gk%2B%2FkprMjU39XLJt%2BhF8vqGuZ5F%2Bhf%2FsaqpA; Path=/; Expires=Wed, 09 Aug 2017 03:15:16 GMT; HttpOnly < Vary: Accept-Encoding <` — IceManSpy, Aug 02 '17 at 12:35
I've found a solution - problem was with connect. I use redis as storage and I connected to localhost instead of linked redis. — IceManSpy, Aug 03 '17 at 18:01

NodeJS, docker, nginx - req.flash() requires sessions

0 Answers0