express-session 无法在生产环境中设置 connect.sid cookie

Question

App is using postgres pool to store sessions. Worked up until the application was monolithic and requests were being routed through reverse-proxy. But now it's its own service deployed to production on Elastic Beanstalk and is not behaving the desired way.

app.use(cors({credentials: true, origin: 'http://localhost:3000'}));

var sess = {
    store: new (connectPgSimple(session))({ pool: db.pool }),
    cookie: { 
        maxAge: 30 * 24 * 60 * 60 * 1000,
        httpOnly: false
    },
    secret: process.env.COOKIE_SECRET,
    resave: false,
    saveUninitialized: true,
}

// Trust first proxy for production
if (process.env.NODE_ENV === 'production') {
    app.set('trust proxy', 1) 
    sess.cookie.secure = true
}

app.use(session(sess));

Also added the withCredentials: *true* to all requests from client.

It seems to be that the connect.sid session cookie only gets set when the incoming request is proxied to the express server. I tried the variation of config with express-session to trust the proxy and it still does not create the required cookie.

Sample response for a POST request You can see the response sending the Set-Cookie header back when I check Application > Storage > Cookies I don't see the connect.sid cookie

Answer 1

For someone who is experiencing the issue of express-session unable to set connect.sid cookie . Also, you can check if your 'saveUninitialized': true, is true which means that since if put 'saveUninitialized': false, no cookie will get set since there is nothing causing the cookie to ever get set.