Variable added to Node.js express-session is undefined in next request

Question

I am implementing a simple login functionality and storing the data in the express-session but not able to get it back. In loginDb.js file in login function i am storing the userId in session variable and in getLoginStatus function i am trying to access the userId but it is returing as undefined.

I have gone through many post related to similar issue but nothing helped in my case. Don't know what i am doing wrong here. Below is the code.

server.js

var express = require('express');
var pg = require('pg');
var cookieParser = require('cookie-parser');
var bodyparser = require('body-parser');
var session = require('express-session');
var path = require('path');
const port = 3000;
const loginroute = require('./Routes/login');

var app=express();

app.use(bodyparser.json());
app.use(bodyparser.urlencoded({ extended: false }));
app.use(cookieParser());

app.use(session({
    secret: 'This is a secret',
    resave: true,
    saveUninitialized:true,
        cookie: { 
            secure: false,
            maxAge: 60000
        }
    }));

//Routes
app.use('/api/loginroute',loginroute);

app.listen(port,function(){
    console.log('app listening to port:'+port);
});

login.js

const express = require('express');
const router = express.Router();
const db = require('../DataAccessLayer/loginDb');

router.get('/getLoginStatus', db.getLoginStatus);
router.post('/login', db.login);

module.exports = router;

loginDb.js

var config = require('../Config/config');
var session = require('express-session');
var pg = require('pg');
var pool = new pg.Pool(config.development.db);

function getLoginStatus(req, res, next){
    var userId = req.session.userId;
};

function login(req, res, next) {
    pool.connect(function(err, client, done) {
    if (err) {
        console.log("not able to get connection "+ err);
        res.status(400).send(err);
    }
    var q = "select id from nodetest.users where name=$1 and password=$2";
    client.query(q, [req.body.username, req.body.password], function(err, result) {
        done();
        if(err) {
        return console.error('error running query', err);
        }
        if(result.rowCount>0){
            req.session.userId = result.rows[0].id;
        }
        res.send(result.rows);
    });
    });
};

module.exports = {
    login:login,
    getLoginStatus:getLoginStatus
};

Answer 1

Set cookieParser secret key similar as that of express-session secret key will fix the issue.

app.use(cookieParser('This is a secret'))

Doc Says

Using cookie-parser may result in issues if the secret is not the same between this module and cookie-parser.