快速会话无法检索会话变量

Question

I am using express-session to store my sessions persistently on a MongoDB database.

The project worked perfectly in a development environment but for some reasons the session variable saved in case of successful login is not sent to the front-end (it's undefined) in a production envirornment:

server.js [backend]

const express = require('express');
const app = express();
const controllers = require('./controllers/adminControllers');
const router = require('./router/adminRouter');
const bodyParser = require('body-parser');
const cors = require('cors');
const dotenv = require('dotenv').config()
const session = require('express-session');
const MongoDBStore = require('connect-mongodb-session')(session);




app.use(cors({
origin: 'http://localhost:3000',
optionsSuccessStatus: 200, 
credentials:true
}))

var store = new MongoDBStore({
uri:process.env.MONGO,
collection:'mySessions'
})

store.on('error',function(error){
console.log('session error');
});

app.use(require('express-session')({
secret:'justasecret',
cookie:{maxAge:1000 * 60 *60 *24*7},
store:store,
resave:true,
saveUninitialized:true
}))

app.use(bodyParser.urlencoded({ extended: true }))
app.use(bodyParser.json())

app.use((req,res,next)=>{
console.log(req.session);
next()
})

app.use('/', router);

app.listen(process.env.PORT || 3001); 

login_controller.js [backend]

                                req.session.isLogged =true;
                                req.session.user = user;
                                req.session.save()
                                res.json({success:true});

As you can see from the code above session variable stores the user object persistently, the user object does get saved in the MONGO database , but it does not get retrieved apparently.

get_user_frontend [ frontend ]

fetch('https://backend-server/get_user',{
credentials:'include',

})

get_user_controller.js [backend]

exports.getUser = (req,res,next)=>{

if(req.session.isLogged===false){
return res.json({user:{isLogged:false}})
}return res.json(req.session)}

The above middleware is responsible for sending user data at every frontend call, but for some reason res.session.isLogged is undefined, as well as the req.session.user object.

the only data I am able to retrieve from the req.session variable is:

cookie: {originalMaxAge: 604800000, expires: '2022-05-14T07:56:24.626Z', httpOnly: true, 
path: '/'}

While in the MongoDB database data is stored correctly:

_id:"LfoXW1yf_E8gLMyMLtlesuBVevVAJjm9"
expires:2022-05-13T09:05:59.386+00:00
session:Object
cookie:Object
isLogged:true
user:Object

I fail to understand why the session variable does not persist in the backend, even if it get stored in the database correctly.

Answer 1

I actually solved the problem making the following changes in the express-session cookie configuration:

app.set("trust proxy", 1);  //<--
app.use(session(  
{

secret: 'iamjustasecret',
store: store,
maxAge:100000,
proxy:true,    // <----
  cookie: {
  httpOnly:true,
  sameSite: process.env.NODE_ENV === "production" ? 'none' : 'lax',  //<--
  secure: true

}}))