79343117

Date: 2025-01-09 15:16:15
Score: 3

I have exactly the same problem with my front end in Next.js and my back end in Express.js, with auth in express-session and storage on Redis. When I want to recover my session, it recreates a new one. However, I don't have the same problem in development as in production.

app
  .use(
    // HSTS: one year, including subdomains, preload flag set
    helmet({
      hsts: {
        maxAge: 31536000,
        includeSubDomains: true,
        preload: true,
      },
    })
  )
  .use(
    // Allow credentialed (cookie-bearing) requests from a single origin
    cors({
      origin: `${
        process.env.NODE_ENV === "production"
          ? process.env.FRONT_URL
          : "http://localhost:3000"
      }`,
      credentials: true,
    })
  )
  .use(cookieParser())
  .use(express.json())
  .use(
    // Sessions are stored in Redis
    session({
      store: new RedisStore({
        client: redisClient,
      }),
      secret: process.env.SESSION_SECRET!,
      resave: false,
      saveUninitialized: false,
      cookie: {
        // The cookie carries the Secure attribute only in production
        secure: process.env.NODE_ENV === "production",
        sameSite: "lax",
        maxAge: 1000 * 60 * 60 * 24 * 7, // 7 days, in milliseconds
        httpOnly: true,
      },
    })
  );

express-session also generates a cookie for me, but it is not automatically sent to my front end, so I have to add it to the res manually.

Reasons:
  • RegEx Blacklisted phrase (1): I want
  • Long answer (-1):
  • Has code block (-0.5):
  • Me too answer (2.5): I have exactly the same problem
  • Me too answer (0): have the same problem
  • Low reputation (1):
Posted by: Thomas A