I have an application using Angular and Node (Nest JS) , in the server side i'm using express-session. In my middleware i'm adding the logged in user to the session:
req.session.user = user;
When the user tries to login using an Iphone he is not able to login. after debbuging the issue I found that each request has a different sessionId. I can see that after I inlitialze the user in the session it works fine, but than the next request is empty (no user object) and has a new id.
This issue occures only in IOS.
I did try to change the express-sessions options: maxAge, httpOnly, resave, saveUninitialized and nothing worked.
These are my express definitions:
app.then(instance => {
instance.use(compress({
filter: function ( req, res ) {
return (/json|text|javascript|css|font|svg/).test(res.getHeader('Content-Type'));
},
level: 9
}))
if ( _.has(config, 'log.format') ) {
instance.use(morgan(':method :url :status :res[content-length] - :response-time ms', Logger.getMorganOptions()));
}
instance.use(bodyParser.json());
instance.use(bodyParser.urlencoded({extended: true}));
instance.use(cookieParser(config.sessionSecret));
var MemoryStore = require('memorystore')(session);
instance.use(session({
store: new MemoryStore({
checkPeriod: 86400000 // prune expired entries every 24h
}),
saveUninitialized: true,
resave: true,
secret: config.sessionSecret,
cookie: {
maxAge: null,
httpOnly: false,
},
name: config.sessionKey,
}));
var corsOptions = {
origin: function ( origin, callback ) {
var isWhitelisted = originsWhitelist.indexOf(origin) !== -1;
callback(null, isWhitelisted);
},
credentials: true,
};
instance.use(cors(corsOptions));
instance.listen(3000, () =>
console.log('Application is listening on port 3000')
)
});
