Session not being saved on server after successful login from client

So I currently have a full stack app, the server saves the session when the user is authenticated via steam’s openID service, but it only works locally and I am getting the session information just fine when it’s local - but when I’m trying to login on the live server with the live client, the session does not get the saved at all, and it just logs the default cookie information without the user information that is meant to be saved with the session. It does log the session during the authentication phase, but the session never saves that data.

I have included the credentials in my requests and set credentials to true using the cors middleware right after the app initialization.

I’ve tried for a few hours now and nothing is working - only when I’m running it in a dev environment.

app.js (express)

require('dotenv').config();
var express = require('express');
var cors = require('cors');
var path = require('path');
var fs = require('fs');
var cookieParser = require('cookie-parser');
var logger = require('morgan');

const session = require('express-session');
const SQLiteStore = require('connect-sqlite3')(session);

const corsOptions = {
    origin: process.env.CLIENT_BASEURL,
    credentials: true,
    allowedHeaders: [ 'Content-Type', 'Authorization' ]
};

console.log('CORS options:', corsOptions);
var indexRouter = require('./routes/index');
var authRouter = require('./routes/auth');

const dbDirectory = path.resolve(__dirname, './db');
if (!fs.existsSync(dbDirectory)) {
    fs.mkdirSync(path.join(__dirname, 'db'));
}

var app = express();

app.use(cors(corsOptions));
app.use(logger('dev'));
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));

app.use(session({
    saveUninitialized: false,
    resave: false,
    secret: process.env.SECRET,
    cookie: {
        maxAge: 1000 * 60 * 60 * 3,
        secure: true,
        sameSite: false
    },
    store: new SQLiteStore({
        ttl: 60 * 60 * 3,
        pruneInterval: 60 * 60 * 15,
        db: 'sessions.db',
        dir: dbDirectory
    })
}));

app.use('/', indexRouter);
app.use((req, res, next) => {
    console.log('Session data on request:', req.session);
    next();
})
app.use('/auth', authRouter);


module.exports = app;

Anything I’m doing wrong?
The server and the client are communicating, but somehow the session information isn’t transferred or saved. My client browser gets a successful login and is assigned a connect.sid… but none of the actual user data along with the authentication.

I’d like to add that I do have a disk set to where the session is being saved on the server. Not sure if it’s the right way of doing it, but there seems to be activity on the disk.

1 Like

Hey,

I see that you’ve already initiated a support ticket with us. To avoid any confusion or duplicate efforts, let’s continue the conversation there

Jérémy.
Render Support, UTC+3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.