server sent cookie is not overriding the existing cookie

Question

i have a express application and using cookie-session module for session management. application has 2 paths https://example.com/abc/def and https://example.com/abc/ghi . if i am visiting any path first then it sets a cookie but if i am changing the URL to other path then i can see that server is responding with new value for the cookie in developer console but it is not getting updated in browser. any idea what is preventing cookie from getting updated?

Answer 1

You need to clearCookie before you set new one. Most importantly cookies work with domain not the paths. So in both the path where you want to set cookie you have to check for existing cookie and if you found one you have to remove it to set new one.

const cookieSession = require('cookie-session');
const express = require('express');
const app = express();

app.set('trust proxy', 1) // trust first proxy

app.use(cookieSession({
   name: 'session',
   keys: ['key1', 'key2']
}));

app.get('/abc', function(req, res, next) {
  req.session = {
     'views':'abc'
  };
  res.end(req.session.views + ' cookie value is set');
 });


app.get('/xyz', function(req, res, next) {
  req.session = {
    'views':'xyz'
  };
  res.end(req.session.views + ' cookie value is set');
});

app.get('/test', function(req, res, next) {
   res.end(req.session.views + ' cookie found');
});

app.listen(3000);

This is sample code where path /abc and /xyz sets diffrent values for session and those values can be seen on /test path.

So if you first hit /abc route and than hit /test path you will get cookie value {'views': 'abc'} and if you hit /xyz and than hit /test cookie value will be {'viewa':'xyz'};

Answer 2

on further analysis i found the the content length for the cookie is going beyond the allowed size of 4096 bytes, once we fixed the content we are seeing cookie properly getting set.