nginx does not persist session information across redirects

[mhkeller]

apikey and org id are not persisted on session object after res.redirects

06:32:50.52 (in auth.js:19)
Calling api:  { internal: false,
  method: 'POST',
  uri: 'http://localhost:5000/auth/v1/login',
  auth: undefined,
  headers: { 'Cache-Control': 'No-Cache' },
  gzip: true,
  form:
   { email: 'changeme@example.com',
     password: 'admin',
     remember_me: 'on',
     redirect_url: 'http://localhost:3001/login' },
  json: true }
sesh { cookie:
   { path: '/',
     _expires: false,
     originalMaxAge: false,
     httpOnly: true,
     secure: true },
  redirect_page: '/',
  apikey: 'mj',
  org_id: 1 }
redirecting to http://localhost:3001/
POST /auth/_VERSION/login 302 39ms - 100b
2015-08-20T06:32:50+0000 <log> app.js:68 (Layer.handle) session { cookie:
   { path: '/',
     _expires: null,
     originalMaxAge: null,
     httpOnly: true,
     secure: true } }
2015-08-20T06:32:50+0000 <log> app.js:69 (Layer.handle) path /
GET / 302 7ms - 68b
2015-08-20T06:32:50+0000 <log> app.js:68 (Layer.handle) session { cookie:
   { path: '/',
     _expires: null,
     originalMaxAge: null,
     httpOnly: true,
     secure: true } }

[mhkeller]

this might be a permissions issue with the session store not having privileges to write to /opt/newslynx/newslynx-app/db

[mhkeller]

Nope, seems that the session store is writing the correct values

[mhkeller]

Tried a bunch of things including switching session stores, diff't proxy settings. Looking here for now: http://stackoverflow.com/questions/32133595/expressjs-creates-new-session-every-page-load

[mhkeller]

https was set to true which meant that cookies weren't being set over http. Set the default to false in automation: https://github.com/newslynx/automation/commit/08f30c1e1a8be926a7dfe73b992bab2168675514

With a note that it should be changed for production: https://github.com/newslynx/automation/commit/2800be1253cbfc192a38c15532cd5b9f9badecf9