Closed averybuehler closed 1 year ago
I think its pretty common to get a new session id once you sign in, to I guess eg. make session fixation attacks harder.
You may find better help in the express-session
project as this is probably more related to the general workings of session rather than this specific backend.
Do you still have an issue with this @AveryBuehler? I'm going to close this for now, but comment again and I can open it up for further investigation.
Sorry for being so slow to respond, my paid assignments took all of my time and I currently can not afford to turn paid work down.
I'm trying to implement session-based authentication in Nest.js using Passport.js and I've run into an issue. I'm not sure if this is directly related to
connect-pg-simple
but I've tried debugging and can't seem to identify the issue.I have this route:
What I see in the console is this:
This is what gets stored in the database:
I don't understand why
request.sessionID
is changing, and that's the root of my issue. The session with the id ofNWdZEuZFqg4tWoQKPMHOW6BjNE9Y-3ML
gets returned to the client and is not logged in. The session with the id ofOBoHcDJkAIRTCQh0yM1TrRlUc6TKrnsY
, however, is logged in but is never sent to the client (because the first session was). I don't understand why the session id is changing because it's not allowing me to authenticate the user upon registering.The ideal behavior is for only one session to be created, for that session to be logged in, and for that session to be returned to the client.
Does anyone have any insight into what might be causing this? I've been troubleshooting forever but can't find any solutions.