express-session: How to renew ssid but preserve data?

Question

I use node.js and express.js to implement my web server.

I use express-session module (https://github.com/expressjs/session) to handle web sessions and connect-redis (https://github.com/tj/connect-redis) for session store. I believe it does not relate to the type of the store but in case you ask I told you.

After user login and doing some sensitive data changed, eg. change the password, I'd like to renew the ssid. So I use req.session.regenerate(). However, after the function call, all other session data lost. How can I preserve the session data after renewing the ssid?

What actual behaviour:

req.session.userId = 100;

req.session.regenerate(function(err) {
    // will have a new session here

    console.log(req.session.userId); // undefined
});

What I want:

req.session.userId = 100;

req.session.regenerate(function(err) {
    // will have a new session here

    console.log(req.session.userId); // 100
});

Below is what I have done. It works but is it the correct way to do that?

var sessionData = req.session;        

req.session.regenerate(function(err) {
    // will have a new session here

    req.session = sessionData;
});

wdetac · Accepted Answer · 2018-03-09T04:06:15.780

2

It cannot be done in current version 1.15.6. The feature will be added in the future.

https://github.com/expressjs/session/issues/425

It is a good workaround. Maybe better use Object.assign:

var sessionData = req.session;

req.session.regenerate((err) => {
    Object.assign(req.session, sessionData);
});

edited Mar 09 '18 at 04:06

answered Mar 08 '18 at 04:35

wdetac

2,712
3
20
42

express-session: How to renew ssid but preserve data?

1 Answers1