Express Session not saving on iOS safari












0















I've got a web app that makes use of express-session. Everything works fine on Safari and Chrome on MacOS and on Chrome on iOS. However on iOS Safari, although the session is saved to the store, Safari seems to generate a new session on a subsequent page load. Unfortunately for me, the target browser for this web app is actually iOS on Safari (this is something out of my control).



Although this issue appears in a more complex web app using a Postgres backed session store, I can also recreate it with an out-the-box express generator created app.



For the test app sessions are configured as follows:



app.use(session({
resave: false,
saveUninitialized: false,
secret: 'xxxxxxxxxxxx',
proxy: true,
cookie: {secure:true},rolling: true
}));


And on the /users route I set a new foo object



/* GET users listing. */
router.get('/', function(req, res, next) {
req.session.foo = "Foo in session"
res.send('respond with a resource');
});


The Index route merely prints out the value of session.



/* GET home page. */
router.get('/', function(req, res, next) {
res.render('index', { title: 'Express', session:JSON.stringify(req.session) });
});


On every browser except mobile Safari, the session includes foo (after visiting the /users route.



Does anyone know what could be going on here? This is being hosted on Google App Engine, and I've also tried this with trust proxy set.



Having run this test app on Google Compute Engine using Nginx and the same major node version (8), I can confirm this does work on mobile safari. So it appears that the issue is to do with App Engine somewhere along the line.



More testing has revealed it is the secure:true that is causing an issue even with trust proxy set. Not sure if this is an iOS bug, Express or an App Engine issue.










share|improve this question





























    0















    I've got a web app that makes use of express-session. Everything works fine on Safari and Chrome on MacOS and on Chrome on iOS. However on iOS Safari, although the session is saved to the store, Safari seems to generate a new session on a subsequent page load. Unfortunately for me, the target browser for this web app is actually iOS on Safari (this is something out of my control).



    Although this issue appears in a more complex web app using a Postgres backed session store, I can also recreate it with an out-the-box express generator created app.



    For the test app sessions are configured as follows:



    app.use(session({
    resave: false,
    saveUninitialized: false,
    secret: 'xxxxxxxxxxxx',
    proxy: true,
    cookie: {secure:true},rolling: true
    }));


    And on the /users route I set a new foo object



    /* GET users listing. */
    router.get('/', function(req, res, next) {
    req.session.foo = "Foo in session"
    res.send('respond with a resource');
    });


    The Index route merely prints out the value of session.



    /* GET home page. */
    router.get('/', function(req, res, next) {
    res.render('index', { title: 'Express', session:JSON.stringify(req.session) });
    });


    On every browser except mobile Safari, the session includes foo (after visiting the /users route.



    Does anyone know what could be going on here? This is being hosted on Google App Engine, and I've also tried this with trust proxy set.



    Having run this test app on Google Compute Engine using Nginx and the same major node version (8), I can confirm this does work on mobile safari. So it appears that the issue is to do with App Engine somewhere along the line.



    More testing has revealed it is the secure:true that is causing an issue even with trust proxy set. Not sure if this is an iOS bug, Express or an App Engine issue.










    share|improve this question



























      0












      0








      0








      I've got a web app that makes use of express-session. Everything works fine on Safari and Chrome on MacOS and on Chrome on iOS. However on iOS Safari, although the session is saved to the store, Safari seems to generate a new session on a subsequent page load. Unfortunately for me, the target browser for this web app is actually iOS on Safari (this is something out of my control).



      Although this issue appears in a more complex web app using a Postgres backed session store, I can also recreate it with an out-the-box express generator created app.



      For the test app sessions are configured as follows:



      app.use(session({
      resave: false,
      saveUninitialized: false,
      secret: 'xxxxxxxxxxxx',
      proxy: true,
      cookie: {secure:true},rolling: true
      }));


      And on the /users route I set a new foo object



      /* GET users listing. */
      router.get('/', function(req, res, next) {
      req.session.foo = "Foo in session"
      res.send('respond with a resource');
      });


      The Index route merely prints out the value of session.



      /* GET home page. */
      router.get('/', function(req, res, next) {
      res.render('index', { title: 'Express', session:JSON.stringify(req.session) });
      });


      On every browser except mobile Safari, the session includes foo (after visiting the /users route.



      Does anyone know what could be going on here? This is being hosted on Google App Engine, and I've also tried this with trust proxy set.



      Having run this test app on Google Compute Engine using Nginx and the same major node version (8), I can confirm this does work on mobile safari. So it appears that the issue is to do with App Engine somewhere along the line.



      More testing has revealed it is the secure:true that is causing an issue even with trust proxy set. Not sure if this is an iOS bug, Express or an App Engine issue.










      share|improve this question
















      I've got a web app that makes use of express-session. Everything works fine on Safari and Chrome on MacOS and on Chrome on iOS. However on iOS Safari, although the session is saved to the store, Safari seems to generate a new session on a subsequent page load. Unfortunately for me, the target browser for this web app is actually iOS on Safari (this is something out of my control).



      Although this issue appears in a more complex web app using a Postgres backed session store, I can also recreate it with an out-the-box express generator created app.



      For the test app sessions are configured as follows:



      app.use(session({
      resave: false,
      saveUninitialized: false,
      secret: 'xxxxxxxxxxxx',
      proxy: true,
      cookie: {secure:true},rolling: true
      }));


      And on the /users route I set a new foo object



      /* GET users listing. */
      router.get('/', function(req, res, next) {
      req.session.foo = "Foo in session"
      res.send('respond with a resource');
      });


      The Index route merely prints out the value of session.



      /* GET home page. */
      router.get('/', function(req, res, next) {
      res.render('index', { title: 'Express', session:JSON.stringify(req.session) });
      });


      On every browser except mobile Safari, the session includes foo (after visiting the /users route.



      Does anyone know what could be going on here? This is being hosted on Google App Engine, and I've also tried this with trust proxy set.



      Having run this test app on Google Compute Engine using Nginx and the same major node version (8), I can confirm this does work on mobile safari. So it appears that the issue is to do with App Engine somewhere along the line.



      More testing has revealed it is the secure:true that is causing an issue even with trust proxy set. Not sure if this is an iOS bug, Express or an App Engine issue.







      express google-app-engine safari express-session






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 28 '18 at 10:48







      TommyBs

















      asked Nov 28 '18 at 8:27









      TommyBsTommyBs

      6,07532244




      6,07532244
























          0






          active

          oldest

          votes











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53515095%2fexpress-session-not-saving-on-ios-safari%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53515095%2fexpress-session-not-saving-on-ios-safari%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          A CLEAN and SIMPLE way to add appendices to Table of Contents and bookmarks

          Calculate evaluation metrics using cross_val_predict sklearn

          Insert data from modal to MySQL (multiple modal on website)