Express-Session 在 REST 客户端（VS Studio 扩展）上运行良好，但在 React 站点中却不行

Question

Basically, if I declare a session variable on one route, I can't access it (undefined) in another one.

This is my middleware:

app.use(cors({
 origin: ["http://localhost:3000"], methods: ["GET", "POST"] })); 
app.use(session({ 
 secret: process.env.SESSION_SECRET, 
 resave: false, saveUninitialized: false 
 }));

And this is my /log-in route:

router.post('/api/users/auth/log-in/', async (req, res) => {
 // ... user authentication logic, here 'authenticated' boolean is defined 
 req.session.authenticated = authenticated; 
 req.session.save(); 
 if (authenticated) req.session.user = req.body.username; 
 res.json({"success": true, "authenticated": authenticated}); 
});

If I log the session variable inside this route, It works just fine.

But then, in another route, when accessing with req.session.authenticated , the variable returns an undefined .

I'm sure there's something I'm missing but I can't make it work. Any help is appreciated!

To clarify, If I do all this (logging in and checking if I'm authenticated) from REST client, it works fine.

Answer 1

If it works fine via your REST client and not via the app, it probably means the cookie is not being sent. Have you checked the requests int the developer tools network tab?

Just a small note on your code:

// this has no impact because after this route completes, req is destroyed. 
// It is the express-session middleware that will pickup the cookie 
// and populate the req.session object for incoming each request.
if (authenticated) req.session.user = req.body.username; 

Answer 2

Turns out I was missing the credentials handling on each fetch, so the cookie wasn't been sent

Adding credentials: 'include' to every fetch request solved it.