Use express-session in CORS?

vrintle · October 21, 2020, 3:23am

Project (client): https://mcve.glitch.me
Project (server): https://serve-mcve.glitch.me

I’m trying to use express-session to store session cookies on server side. But, for some reasons, the cookies aren’t stored. I’ve learnt express-session from glitchypastepen project. And, there it works, IMO.

You can see console is logging:

text: tree
session text (init): tree
session text (final): undefined

The above project is a sample of a big upcoming project
Is this problem happening due to a cross-origin request? or are there any other reasons?

Edit page (server): https://glitch.com/edit/#!/serve-mcve
(logs have been mentioned in there)

CarlyRaeJepsenStan · October 21, 2020, 6:08am

For the lazy people among us, could you paste the lines of code that produces the console output?

Jonyk56 · October 22, 2020, 12:33pm

@vrintle here is a fix!

go to package.json, and install the package “cors”
Go to the file with the server data, and put in the following line of code at the top: var cors = require("cors")
Go to where you initialize your express app ( Where you see var app = express() and go one line down
put the following code on that line: app.use(cors())

That will fix cors being a pain in the butt, and actually let requests and such through.

Jonyk56 · October 22, 2020, 1:36pm

please lmk if this fixed your issue

vrintle · October 22, 2020, 1:46pm

@Jonyk56 No, actually it would work if I hadn’t been storing cookies, and doing just GET and POST requests.

Reason: the cors library wouldn’t work here as in cors, they probably do:

resp.header('Access-Control-Allow-Origin', '*');
resp.header('Access-Control-Allow-Headers', '*');

which would fail if I’m storing cookies!

On MDN, I got the exact solution, which I’m sharing now,

resp.header('Access-Control-Allow-Credentials', true);
resp.header('Access-Control-Allow-Origin', 'https://mcve.glitch.me'); // only_one_url_here');
resp.header('Access-Control-Allow-Headers', 'Content-Type, POST, GET, OPTIONS, DELETE');

And, while doing fetch on client-side, add credentials: "include" like,

fetch('https://serve-mcve.glitch.me/add', {
    ...
    credentials: 'include',
    ...
})

Jonyk56 · October 22, 2020, 1:48pm

they both should work…?

vrintle · October 22, 2020, 2:01pm

@Jonyk56 see this post on stackoverflow. It is the post which solved my issue

system · April 20, 2021, 2:01pm

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
I can't set up CORS Coding Help javascript , nodejs , express	5	458	January 27, 2024
Trying to use glitch as an API Glitch Help	12	668	June 29, 2021
Expressjs question Glitch Help	20	1628	September 8, 2019
Request.session refreshes whenever a project is restarted Coding Help nodejs	11	443	April 30, 2020
Express-Session cookie not set if secure Coding Help nodejs	4	4018	April 20, 2020

Use express-session in CORS?

Related topics