Closed shayneczyzewski closed 1 year ago
Hi @shayneczyzewski - thanks for the bug report.
I'm using the same parameter values - resave: false, saveUninitialized: false - in one project; will keep a look out to see if I encounter this error.
Note: A recent fix from PR #93 may improve matters; not yet sure.
Hi @shayneczyzewski - thanks for the bug report.
I'm using the same parameter values - resave: false, saveUninitialized: false - in one project; will keep a look out to see if I encounter this error.
Note: A recent fix from PR #93 may improve matters; not yet sure.
Thanks @kleydon, I'll give it a go when I get some time this week and let you know. I appreciate your prompt attention!
Same error.
Same error. #93 does not resolve this.
Thanks for checking and updating, @develoQ
@kleydon
If I use deleteMany, it works fine.
Can you keep changing to deleteMany until you get to the root of the problem?
It is better to have working code up-to-date than non-working code up-to-date in the repository!
Hi @develoQ,
If I use deleteMany, it works fine. Can you keep changing to deleteMany until you get to the root of the problem?
Can you elaborate?
Do you mean that if you change certain delete()
calls in the prisma-session-store library to deleteMany()
, you don't encounter the error message? Or do you mean that if you use deleteMany()
instead of delete()
in your own back-end code you don't encounter the error message?
Also (@develoQ and @shayneczyzewski ) it looks like all calls to delete()
and deleteMany()
made from within the library itself occur within try/catch blocks; directly, or indirectly (in the case of the prune()
function) - suggesting that although the error message may appear (in circumstances we are still trying to narrow down), the errors are not causing crash behavior... Are you just seeing undesirable/not-yet-explained error messages - or are you seeing crashing behavior?
Hi @kleydon, it was preventing my app from proceeding normally for me when I opened the issue, not just log messages. I have not yet been able to test the update.
@shayneczyzewski - got it. Hopefully the update improves on this situation; if not, please let us know.
This error seems to occur in 'catch'.
Therefore, this error must be re-catch or the error will be thrown
Hi, I faced similar issue, is there any other alternatives before this issue fixed?
Hi @fakhruz3105 - not that I know of; feel free to post a PR, if you see a fix though.
@develoQ wrote:
This error seems to occur in 'catch'. Therefore, this error must be re-catch or the error will be thrown
Interesting. Can you post a trace that shows this error happening - or explain what might be going wrong in the catch block? I don't yet understand what the error could be.
I recently started seeing this error as well after updating a few NPM packages. After a bit of digging I see that this started happening when updating passport
from version 0.5.3
to 0.6.0
.
When I run a login operation, it also seems to run a session delete operation too, which fails when it can't find a session to delete.
Edit: Reading PassportJS change log, it says:
Ref: https://github.com/jaredhanson/passport/blob/master/CHANGELOG.md
Hi @ecker00 - thanks for this additional context.
When I run a login operation, it also seems to run a session delete operation too, which fails when it can't find a session to delete.
Just to be clear - is this causing a functional problem, a crash, or simply an error message?
The library itself wraps all delete()
/ deleteMany()
calls in try
/catch
logic, so attempting to delete a session which doesn't exist shouldn't itself cause a problem.
One idea: Maybe under the hood, the passport library relies on session.destroy(sid, callback)
's optional callback
, and assumes that this callback should execute normally in the case where the session to destroy is not found?
If you look in passport's code, do you see anything like this?
(Currently, this library supplies callback
with an error argument when the session to destroy is not found; see prisma-session-store.ts, line 223: if (callback) defer(callback, e);
).
The express-session library doesn't specify (as far as I can tell) whether a failure to destroy a session because a session doesn't exist should result in the callback being processed with an error argument or not; we'd have to think through what the implications of changing this would be.
I think a number of user are using passport. If you come up with any solution here, I'm sure people love to hear it!
Correct, it's just displaying the error message logger.warn()
, as it's wrapped in a try/catch. But looks a bit serious when you see this flooding the server logs.
Digging a bit through passport's latest commits between 0.5.3 and 0.6.0, I believe maybe this is the relevant change, where login it will now run req.session.regenerate(…)
, which is an express-session
function (see here and here) that in turn calls destroy()
and then generate()
.
… and assumes that this callback should execute normally in the case where the session to destroy is not found?
By the looks of it, the callback will always be called for both success and exceptions, and pass any error along, if any.
I think the solution would be to simply delete line 220-202, and not display the warning. There is a callback here which will pass on this error message for cases you want to handle this exception.
I think the solution would be to simply delete line 220-202, and not display the warning. There is a callback here which will pass on this error message for cases you want to handle this exception.
Ok - lines deleted in PR #98.
Thank you for such a swift update! 👍
Hi! I'm experiencing a similar issue. It happens when trying to destroy or regenerate a session already removed from the database.
For me, it happens when I'm signing out. The request is done on the front-end in a useEffect
hook, but because of the React's Strict Mode, the hook is called twice, effectively making two requests to the API. That triggers the error, because the session has already been destroyed on the second request.
I'm not sure which is the correct behavior:
In the second case, the store could return error only when there is something wrong with the execution of the query, like when the database is unreachable.
Anyway, I found a workaround for myself, and maybe someone will find it helpful.
await new Promise((resolve, reject) => {
req.session.destroy((err) => {
// ignore an error with code "P2025", which is thrown when the session is not present in the database.
if (err && err.code !== "P2025") {
console.error(err);
reject("Could not sign out.");
} else {
res.clearCookie("id");
resolve();
}
});
});
EDIT: A similar problem occurs when I regenerate a session that was not yet saved (when using the saveUninitialized: false
setting). It then tries to delete a session that was never saved to the store.
@kleydon I'm still experiencing this issue after upgrading to passport 0.6.0
.
This occurs when logging in when there is no existing session.
Error:
Invalid `this.prisma[this.sessionModelName].delete()` invocation in
C:\Projects\finance\todos-express-password\node_modules\@quixo3\prisma-session-store\dist\lib\prisma-session-store.js:266:91
263 case 3:
264 _a.sent();
265 return [3 /*break*/, 6];
→ 266 case 4: return [4 /*yield*/, this.prisma[this.sessionModelName].delete(
An operation failed because it depends on one or more records that were required but not found. Record to delete does not exist.
at RequestHandler.handleRequestError (C:\Projects\finance\todos-express-password\node_modules\@prisma\client\runtime\index.js:28658:13)
at RequestHandler.request (C:\Projects\finance\todos-express-password\node_modules\@prisma\client\runtime\index.js:28640:12)
at async consumer (C:\Projects\finance\todos-express-password\node_modules\@prisma\client\runtime\index.js:29618:18)
at async PrismaClient._request (C:\Projects\finance\todos-express-password\node_modules\@prisma\client\runtime\index.js:29639:16)
@kleydon This issue does not exist when I use the SQLiteStore. Therefore, I suspect that the problem could be fixed within this repository.
EDIT: A similar problem occurs when I regenerate a session that was not yet saved (when using the
saveUninitialized: false
setting). It then tries to delete a session that was never saved to the store.
@mfidor This happens for me even with saveUninitialized: true
. To replicate, try manually deleting session just before the login occurs.
Yes, it fails in every situation where a session should be deleted, and it's not in the database.
@kleydon, I think the call to delete
should be replaced with deleteMany
as it was already suggested. ThedeleteMany
method will not throw an error when nothing matches the criteria. Wether it gets deleted or already does not exist, the session is not in the database, which is the expected outcome.
Here is my temporary hack until this issue is resolved:
router.post('/login', passport.authenticate('local'), (req, res, next) => {
res.sendStatus(200);
}, (err, req, res, next) => {
if (err.code === 'P2025' && err.meta?.cause === 'Record to delete does not exist.') {
return res.redirect(307, req.protocol + '://' + req.get('host') + req.originalUrl);
}
next(err);
},
);
I created a pr with this issue fixed https://github.com/kleydon/prisma-session-store/pull/102#issue-1345392142
This issue should now be fixed in master, based on PR #102 - thanks to @geefuoco.
(Please post if it resurfaces.)
Hi there, we are considering using this library to help us with our Express + Prisma DB-backed sessions at Wasp. In trying it out locally and on Heroku, I found I get similar failures related to deletion that I am unable to diagnose.
For example, locally, when setting:
I get the following error:
I did see the session was actually persisted, however.
And on Heroku, with the following settings (interestingly these did work locally, but other permutations caused issues locally):
I got the following error:
We are using Prisma v3.9.1 and a callback style similar to this example for our login sessions: https://github.com/expressjs/session#user-login where we
save
inside aregenerate
.Here is the full session store config in which the above lives:
Are the errors I am getting due to this style of saving the session, or perhaps from the config settings? Anything else I can do to help debug this, as I'm not entirely sure what the library is attempting to do there with the deletions? Thanks!