0

Problem: I'm trying to retrieve my session data stored in aws Dynamodb but the sessionID is always changing between successive calls from the same endpoint to my server less express app.

Express code:

app.get('/addtocart/:id', (req, res) => {
    let cart;
    const id = req.params.id;
    const sid = req.sessionID;

    Session.getItem({ "sessionId": sid }, function (data, err) {
        if (!err) {
            cart = new Cart(data.attrs.sess.cart);
            console.log('\nTHe new cart is:\n', cart);
            addToCart();
        }
        else {
            cart = new Cart({});
            addToCart();
        }
    })

    function(){
//login to add to cart
    }
    }

Dynamodb-store config

const options = {
    "table": {
        "hashPrefix":'',
    },
    "dynamoConfig": {
        "accessKeyId": process.env.AWS_ACCESS_KEY_ID,
        "secretAccessKey": process.env.AWS_SECRET_ACCESS_KEY,
        "region": 'ap-south-1'
    },
    "keepExpired":false,
};

app.use(session({
store: new DynamoDBStore(options),
secret: 'mySecret',
resave: false,
saveUninitialized: true,
cookie:{
    httpOnly:true,
    // expires: new Date(Date.now() + hour),
    maxAge: hour
}
}));

In the above code I'm hitting the '/addtocart/:id' route on the backend for every item I add to my shopping cart. I'm loading my front end static html page on port 8080 and my server on port 3000)

  • I've deployed my express app on aws lambda, and I'm using dynamodb to store the sessions.
  • I'm trying to build a shopping cart module, so when I add some item to the cart on the frontend(on the static html page hosted on s3), it should retain the previous cart configuration and add the current item to it. Instead, once I create a new cart and I've stored it in dynamoDB, the session id changes for every item added and a new cart object is created and a session is stored again instead of old cart being retained and data being added on top of it.

  • The cart is being retained if I hit the same addproduct route from the backend, and also if I set the Acess-Control-Allow-Origin header to http://localhost:8080.

  • Since this is a server less app, I can't fix an endpoint. So, while doing the ajax call from frontend I'm not setting xhrCredentials option to true, and the orgin header on the backend is also set to '*'.

  • Is there a way I can retain the cart info for different calls to the serve less lambda express app from different users, for which the cart data is stored in dynamodb. Any info on the cookie and session management is helpful and further clarifies my confusion.

I'm using express-session for managing sessions, Dynamodb-store for storing sessions to db

l0h1t
  • 363
  • 2
  • 10
  • The session ID should be in a cookie. You should examine your browser cookie to see if it is actually changing. It sounds like your Dynamodb-store configuration isn't correct. Perhaps you should add that to your question. – Mark B Nov 02 '17 at 18:11
  • I checked the session id in document.cookie.sid. The browser cookie is not changing. I'm sure my dynamodb-store config is right but I'm adding it to my question to be sure. – l0h1t Nov 02 '17 at 19:29
  • If the value in the cookie isn't changing, then how could the session ID in the Lambda function be different? I would add some logging in the Lambda function to print out the session ID so that you can debug that better. – Mark B Nov 02 '17 at 19:31
  • That's what I didn't understand. Right now I'm testing it locally, I intend to deploy the express app on lambda. – l0h1t Nov 02 '17 at 19:38

0 Answers0