I have experienced same problem. It can be tested by external simple test.html file with form

<form name="someForm" action="http://localhost:3000/some-url" method="POST"></form>

In requested url in req.headers sometimes present req.cookie, and sometimes not. When not - of course session was deleted. I could not find reason of this. My solution was simple. Make middleware before app.use(session({})

app.use((req,res) => {
    if (req.path === '/some-url') {
        //logic
    }
})
app.use(session({})

But i would like to know really reason of this, not a work around.