Home > Software design >  Nodejs server doesn't recognize saved cookie sessionId
Nodejs server doesn't recognize saved cookie sessionId

Time:10-03

I have a nodejs/express server with the following code

const express = require('express');
const app = express();
const bodyParser = require('body-parser');
const cookieparser = require("cookie-parser");
const { randomBytes } = require('crypto');

const COOKIE_SECRET = 'aavslrhe158ewuycvasjy7et2hvh2ytt0';
var SESSIONS = {};


app.use(
    express.static(__dirname   '/public'),
    bodyParser.urlencoded({ extended: false }),
    bodyParser.json(),
    cookieparser(COOKIE_SECRET)
);


app.get("/login", function (request, response){
    response.sendFile(__dirname   "/views/login.html");
});
app.post("/verifyaccount", function (request, response){
    const nextSessionId = randomBytes(16).toString('base64');
    response.cookie("sessionId", nextSessionId, { maxAge: 3600, httpOnly: true, Secure: true });
    SESSIONS[nextSessionId] = request.body.sz_Username;
    response.status(response_status).redirect('/admin');
}
app.get("/admin", function (request, response){
    if(!is_authorized(request.cookies.sessionId)){
        response.redirect('/login');
    }
    else{
        response.sendFile(__dirname   "/views/admin.html");
    }
});
app.post("/addproject", function(request, response){

    if(!is_authorized(request.cookies.sessionId)){
        response.redirect('/login');
    }
    else{
    }
}


function is_authorized(sessionId){
    var authorized = false;
    if (SESSIONS[sessionId]) {
        authorized = true;
    }
    return authorized;
}

So when I login the credentials go to /verifyaccount, there I check if they're correct. Then it creates a cookie in my browser: sessionId:"KlS6xuspQ4GczVqqpSc2Nw==" and stores it in the SESSIONS variable. I get redirect to /admin where the authorization works.

But when I am in admin.html and send data to /addproject I get redirect to /login because the authorization fails. The request.cookies.sessionId is undefined. The cookie keeps existing in my browser, so I don't know what the problem is, since the cookie was correct in /admin.

Edit: after being redirect to /admin from /login if I go back to /login or / and then attempt to /admin from the url I get the same undefined error. Which should not occur since the cookie expires in 1 hour.

CodePudding user response:

"maxAge is in milliseconds. Your cookie is expiring 3.6 seconds after you set it" -clubby789 htb

  • Related