
I have an Express app where I'm using cookie-session to store a JWT. I'm using supertest to test that app. Here is what I'm trying to achieve:

Here a cookie is created and the JWT is stored inside.

const request = require('supertest');

const response1 = await request(app)
            .get(`/api/users/....`)
            .expect(200);

Then I'm getting the cookies:

const cookies = response1.get('Set-Cookie');

Actually, there are two cookies:

[
      'session=eyJqd3QiOiJleUpoYkdjaU9pSklVekkxTmlJc0luUjVjQ0k2SWtwWFZDSjkuZXlKcFpDSTZJall6TlRJM01qWTNORFJpWm1Ga05qRmxORE5sTVdVME1DSXNJbWxoZENJNk1UWTJOak0wTnpZeU15d2laWGh3SWpveE5qYzBNVEl6TmpJemZRLkFzeHhjYnV6MEZobVhxOEZoRUZTV2MtVGF6MFFELXkycVhfQ0h0Q0NiX2MifQ==; path=/; expires=Fri, 21 Oct 2022 10:30:23 GMT; httponly',
      'session.sig=2yfTP5EKMbkQsrc9sfNh4ZcPbzY; path=/; expires=Fri, 21 Oct 2022 10:30:23 GMT; httponly'
    ]

The session cookie value is base64 encoded and contains the JWT. So I take the session value, decode it, create a new JWT, base64 encode it, and then replace just the session value. Everything else is exactly the same, so it looks like this:

[
      'session=eyJqd3QiOiJleUpoYkdjaU9pSklVekkxTmlJc0luUjVjQ0k2SWtwWFZDSjkuZXlKcFpDSTZJall6TlRJM01qWTNORFJpWm1Ga05qRmxORE5sTVdVME1DSXNJbWxoZENJNk1UWTJOak0wTnpZeU15d2laWGh3SWpveE5qWTJNelEzTmpNemZRLk5mRVR2WHhUVlZBRlduN1g2cHBUdDJ0ZWVWRUdUOEhyV3lOSmQtNl9RcmsifQ==; path=/; expires=Fri, 21 Oct 2022 10:30:23 GMT; httponly',
      'session.sig=2yfTP5EKMbkQsrc9sfNh4ZcPbzY; path=/; expires=Fri, 21 Oct 2022 10:30:23 GMT; httponly'
    ]

Let's say the new cookie is stored in a constant: const newCookie = modifiedCookie; On the next request I set the cookie like this:

const response2 = await request(app)
            .patch('/api/users/...')
            .set('Cookie', newCookie)
            .send({})

After the last request req.session = {}, req.session.isNew = true, req.session.isChanged = true and req.session.isPopulated = false.

Any idea what causes this behavior? Why is req.session empty?

If I get the cookie from the previous request and send it with the new request:

const response2 = await request(app)
            .patch('/api/users/...')
            .set('Cookie', response1.get('Set-Cookie'))
            .send({})

everything works just fine. req.session is populated with the jwt token.

Dimitar Georgiev

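The signature check behind the behaviour described in the question, as an added example that is not part of the original post or of cookie-session's own code: the cookies and keygrip modules that cookie-session relies on sign the string `session=<value>` with HMAC-SHA1 and store the URL-safe base64 result in `session.sig`, so a replaced value sent with the old signature is discarded and the request starts with an empty session. `TEST_KEY` and the sample tokens are constructed placeholders; in a test, use the key the app passes to cookie-session.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Assumption: placeholder for the first entry of the app's cookie-session `keys`.
const TEST_KEY = 'test-only-signing-key';

// Signature expected in `<name>.sig`: HMAC-SHA1 over "name=value",
// base64 with '+' -> '-', '/' -> '_' and the '=' padding stripped.
function sign(name, value, key) {
  return createHmac('sha1', key)
    .update(`${name}=${value}`)
    .digest('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
}

// Constant-time comparison of the presented signature with the expected one.
function verify(name, value, sig, key) {
  const expected = Buffer.from(sign(name, value, key));
  const given = Buffer.from(String(sig));
  return expected.length === given.length && timingSafeEqual(expected, given);
}

// The session cookie value is base64(JSON), as seen in the question.
function encodeSession(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64');
}

// Cookie request header for a session object, signed with `key`,
// suitable for supertest's .set('Cookie', ...).
function buildCookieHeader(sessionObj, key, name = 'session') {
  const value = encodeSession(sessionObj);
  return `${name}=${value}; ${name}.sig=${sign(name, value, key)}`;
}

// Constructed sample data (not the tokens from the question).
const original = encodeSession({ jwt: 'constructed.original.token' });
const originalSig = sign('session', original, TEST_KEY);
const modified = encodeSession({ jwt: 'constructed.replacement.token' });

function demo() {
  return {
    // Cookie pair exactly as issued: accepted.
    untouched: verify('session', original, originalSig, TEST_KEY),
    // Value replaced, old session.sig kept: rejected, so req.session is empty.
    valueSwappedOnly: verify('session', modified, originalSig, TEST_KEY),
    // Value replaced and session.sig recomputed with the same key: accepted.
    reSigned: verify('session', modified, sign('session', modified, TEST_KEY), TEST_KEY),
  };
}
```

In the test from the question, the modified cookie would be sent as `.set('Cookie', buildCookieHeader({ jwt: newToken }, key))`, with `key` being the same secret the app under test is configured with.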