Express Session not saving on iOS safari
I've got a web app that makes use of express-session. Everything works fine on Safari and Chrome on MacOS and on Chrome on iOS. However on iOS Safari, although the session is saved to the store, Safari seems to generate a new session on a subsequent page load. Unfortunately for me, the target browser for this web app is actually iOS on Safari (this is something out of my control).
Although this issue appears in a more complex web app using a Postgres backed session store, I can also recreate it with an out-the-box express generator created app.
For the test app sessions are configured as follows:
app.use(session({
resave: false,
saveUninitialized: false,
secret: 'xxxxxxxxxxxx',
proxy: true,
cookie: {secure:true},rolling: true
}));
And on the /users route I set a new foo
object
/* GET users listing. */
router.get('/', function(req, res, next) {
req.session.foo = "Foo in session"
res.send('respond with a resource');
});
The Index route merely prints out the value of session.
/* GET home page. */
router.get('/', function(req, res, next) {
res.render('index', { title: 'Express', session:JSON.stringify(req.session) });
});
On every browser except mobile Safari, the session includes foo
(after visiting the /users
route.
Does anyone know what could be going on here? This is being hosted on Google App Engine, and I've also tried this with trust proxy
set.
Having run this test app on Google Compute Engine using Nginx and the same major node version (8), I can confirm this does work on mobile safari. So it appears that the issue is to do with App Engine somewhere along the line.
More testing has revealed it is the secure:true
that is causing an issue even with trust proxy
set. Not sure if this is an iOS bug, Express or an App Engine issue.
express google-app-engine safari express-session
add a comment |
I've got a web app that makes use of express-session. Everything works fine on Safari and Chrome on MacOS and on Chrome on iOS. However on iOS Safari, although the session is saved to the store, Safari seems to generate a new session on a subsequent page load. Unfortunately for me, the target browser for this web app is actually iOS on Safari (this is something out of my control).
Although this issue appears in a more complex web app using a Postgres backed session store, I can also recreate it with an out-the-box express generator created app.
For the test app sessions are configured as follows:
app.use(session({
resave: false,
saveUninitialized: false,
secret: 'xxxxxxxxxxxx',
proxy: true,
cookie: {secure:true},rolling: true
}));
And on the /users route I set a new foo
object
/* GET users listing. */
router.get('/', function(req, res, next) {
req.session.foo = "Foo in session"
res.send('respond with a resource');
});
The Index route merely prints out the value of session.
/* GET home page. */
router.get('/', function(req, res, next) {
res.render('index', { title: 'Express', session:JSON.stringify(req.session) });
});
On every browser except mobile Safari, the session includes foo
(after visiting the /users
route.
Does anyone know what could be going on here? This is being hosted on Google App Engine, and I've also tried this with trust proxy
set.
Having run this test app on Google Compute Engine using Nginx and the same major node version (8), I can confirm this does work on mobile safari. So it appears that the issue is to do with App Engine somewhere along the line.
More testing has revealed it is the secure:true
that is causing an issue even with trust proxy
set. Not sure if this is an iOS bug, Express or an App Engine issue.
express google-app-engine safari express-session
add a comment |
I've got a web app that makes use of express-session. Everything works fine on Safari and Chrome on MacOS and on Chrome on iOS. However on iOS Safari, although the session is saved to the store, Safari seems to generate a new session on a subsequent page load. Unfortunately for me, the target browser for this web app is actually iOS on Safari (this is something out of my control).
Although this issue appears in a more complex web app using a Postgres backed session store, I can also recreate it with an out-the-box express generator created app.
For the test app sessions are configured as follows:
app.use(session({
resave: false,
saveUninitialized: false,
secret: 'xxxxxxxxxxxx',
proxy: true,
cookie: {secure:true},rolling: true
}));
And on the /users route I set a new foo
object
/* GET users listing. */
router.get('/', function(req, res, next) {
req.session.foo = "Foo in session"
res.send('respond with a resource');
});
The Index route merely prints out the value of session.
/* GET home page. */
router.get('/', function(req, res, next) {
res.render('index', { title: 'Express', session:JSON.stringify(req.session) });
});
On every browser except mobile Safari, the session includes foo
(after visiting the /users
route.
Does anyone know what could be going on here? This is being hosted on Google App Engine, and I've also tried this with trust proxy
set.
Having run this test app on Google Compute Engine using Nginx and the same major node version (8), I can confirm this does work on mobile safari. So it appears that the issue is to do with App Engine somewhere along the line.
More testing has revealed it is the secure:true
that is causing an issue even with trust proxy
set. Not sure if this is an iOS bug, Express or an App Engine issue.
express google-app-engine safari express-session
I've got a web app that makes use of express-session. Everything works fine on Safari and Chrome on MacOS and on Chrome on iOS. However on iOS Safari, although the session is saved to the store, Safari seems to generate a new session on a subsequent page load. Unfortunately for me, the target browser for this web app is actually iOS on Safari (this is something out of my control).
Although this issue appears in a more complex web app using a Postgres backed session store, I can also recreate it with an out-the-box express generator created app.
For the test app sessions are configured as follows:
app.use(session({
resave: false,
saveUninitialized: false,
secret: 'xxxxxxxxxxxx',
proxy: true,
cookie: {secure:true},rolling: true
}));
And on the /users route I set a new foo
object
/* GET users listing. */
router.get('/', function(req, res, next) {
req.session.foo = "Foo in session"
res.send('respond with a resource');
});
The Index route merely prints out the value of session.
/* GET home page. */
router.get('/', function(req, res, next) {
res.render('index', { title: 'Express', session:JSON.stringify(req.session) });
});
On every browser except mobile Safari, the session includes foo
(after visiting the /users
route.
Does anyone know what could be going on here? This is being hosted on Google App Engine, and I've also tried this with trust proxy
set.
Having run this test app on Google Compute Engine using Nginx and the same major node version (8), I can confirm this does work on mobile safari. So it appears that the issue is to do with App Engine somewhere along the line.
More testing has revealed it is the secure:true
that is causing an issue even with trust proxy
set. Not sure if this is an iOS bug, Express or an App Engine issue.
express google-app-engine safari express-session
express google-app-engine safari express-session
edited Nov 28 '18 at 10:48
TommyBs
asked Nov 28 '18 at 8:27
TommyBsTommyBs
6,07532244
6,07532244
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53515095%2fexpress-session-not-saving-on-ios-safari%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53515095%2fexpress-session-not-saving-on-ios-safari%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown