express-session req.session.touch not a function?

Question

I'm working on a personal project, recently included express-session and cookie-session. Though i'm having a problem when navigating to localhost:3000/, i get an error telling me that req.session.touch is not a function in express-session module. Below you can find a snippet of the code:

const express = require('express');
const bodyParser = require('body-parser');
const _ = require('lodash');
const passport = require('passport')
const LocalStrategy = require('passport-local')
const cookieParser = require('cookie-parser');
const session = require('express-session')
let cookieSession = require('cookie-session')
const pug = require('pug');
require('./db/mongoose');
const mongoose = require('mongoose');
const Todo = mongoose.model('Todo');
const User = mongoose.model('User');
let app = express();
const ObjectID = require('valid-objectid');

app.use(bodyParser.urlencoded({
  extended: true
}));

app.use(bodyParser.json());

//Use session
app.use(session({ secret: 'secretomitted', cookie: { maxAge: 0 } }))

//Set cookie session
app.use(cookieParser())
app.use(cookieSession({ name: 'session', secret: 'secretomitted', maxAge: 0 }))

//Set views folder and view engine
app.set('views', './views');
app.set('view engine', 'pug');


passport.use(new LocalStrategy(
  function (email, password, done) {
    User.findOne({ 'email': email }, function (err, user) {
      if (err) { return done(err); }
      if (!user) {
        return done(null, false, console.log('Wrong username'));
      }
      if (!user.validatePassword(password)) {
        return done(null, false, console.log('Wrong Password'));
      }
      return done(null, user);
    });
  }
));


//FE Requests

app.get('/', (req, res) => {
  res.send(pug.renderFile('index.pug'))
  console.log('index rendered')
})

and this is the error i'm getting:

[nodemon] 1.18.9
[nodemon] to restart at any time, enter `rs`
[nodemon] watching: *.*
[nodemon] starting `node server/server.js`
express-session deprecated undefined resave option; provide resave option server/server.js:24:9
express-session deprecated undefined saveUninitialized option; provide saveUninitialized option server/server.js:24:9
Started on port 3000
/Users/alessandrocamplese/Desktop/Projects/Mongo-tasker/mongo-tasker/node_modules/express-session/index.js:326
        req.session.touch()
                    ^

TypeError: req.session.touch is not a function
    at ServerResponse.end (/Users/alessandrocamplese/Desktop/Projects/Mongo-tasker/mongo-tasker/node_modules/express-session/index.js:326:21)
    at Array.write (/Users/alessandrocamplese/Desktop/Projects/Mongo-tasker/mongo-tasker/node_modules/finalhandler/index.js:297:9)
    at listener (/Users/alessandrocamplese/Desktop/Projects/Mongo-tasker/mongo-tasker/node_modules/on-finished/index.js:169:15)
    at onFinish (/Users/alessandrocamplese/Desktop/Projects/Mongo-tasker/mongo-tasker/node_modules/on-finished/index.js:100:5)
    at callback (/Users/alessandrocamplese/Desktop/Projects/Mongo-tasker/mongo-tasker/node_modules/ee-first/index.js:55:10)
    at IncomingMessage.onevent (/Users/alessandrocamplese/Desktop/Projects/Mongo-tasker/mongo-tasker/node_modules/ee-first/index.js:93:5)
    at IncomingMessage.emit (events.js:197:13)
    at endReadableNT (_stream_readable.js:1129:12)
    at processTicksAndRejections (internal/process/next_tick.js:76:17)
[nodemon] app crashed - waiting for file changes before starting...

Any solution to this? Thanks.

score 4 · Answer 1 · answered Feb 08 '22 at 08:51

TL;DR: Only use one session management, for custom session information extend the session object don't overwrite it.

Old question, but I had the same issue, so for anyone else trying to accomplish the same thing :) . I believe that the problem is some sort of conflict from different session objects:

//Use session
app.use(session({ secret: 'secretomitted', cookie: { maxAge: 0 } }))

//Set cookie session
app.use(cookieParser())
app.use(cookieSession({ name: 'session', secret: 'secretomitted', maxAge: 0 }))

This is using express-session AND cookie-session. Here is a quote from expressjs.com:

A user session can be stored in two main ways with cookies: on the server or on the client. [cookie-session] stores the session data on the client within a cookie, while a module like express-session stores only a session identifier on the client within a cookie and stores the session data on the server, typically in a database.

As explained above, express-session only stores an ID in the cookie, while cookie-session stores all session data in the cookie. This very short blog post explains how messing with the session data will cause your error. The two types of session storage will inevitably cause such a conflict, since they are trying to store the data in different places.

express-session req.session.touch not a function?

1 Answers1

TL;DR: Only use one session management, for custom session information extend the session object don't overwrite it.