Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cookie question #62

Closed
leviathan747 opened this issue Jul 8, 2014 · 9 comments
Closed

cookie question #62

leviathan747 opened this issue Jul 8, 2014 · 9 comments
Labels
question

Comments

@leviathan747
Copy link

When handling a GET request with my express router, I get the following error:

express-session deprecated cookie should be available in req.headers.cookie node_modules/express/lib/router/index.js:263:17

I do not know what I am doing wrong. Help would be appreciated!

Levi
@joewagner
Copy link
Member

express-session's dependency on cookie-parser has been removed. That message should come up when the cookie isn't available in req.headers.cookie.
Is your app still working, as you would expect?
What version of express are you using?

@leviathan747
Copy link
Author

The app is still working as expected. I'm using express 4.5.1 and express-session 1.6.4

@joewagner
Copy link
Member

Can you post a gist that reproduces the issue?

@leviathan747
Copy link
Author

I found the issue (I'm relatively new to express). I had not declared req.headers.cookie. I added a line

req.headers.cookie = null;

and that solved the issue. I guess it was not able to access it because it didn't exist. Thanks for your time.

@joewagner
Copy link
Member

Its strange that req.headers.cookie = null; solves your issue. the deprecated message should only show up if the cookie is not available at req.headers.cookie, but was available in req.cookies, or req.signedCookies.

@leviathan747
Copy link
Author

Here's the relevant snippet from my app.js. As I said I'm new to express so I may have a glaring mistake I just don't have the intuition to catch.

app.use(function(req, res, next) {
    req.db = db.db;
    req.encoder = new Encoder('entity');
    req.session = null;
    req.headers.cookie = null;
    next();
});

app.use(partials());
app.use(cookieParser());
app.use(session({
    secret: ''+new Date().getTime(),
    cookie: {secure: false},
    resave: true,
    saveUninitialized: true
}));

app.set('port', process.env.PORT || defaultPort);
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: 'false'}));
app.use(express.static('public'));
app.use(express.static(path.join(__dirname, 'public')));

@joewagner
Copy link
Member

You shouldn't be doing anything to req.session, or req.headers.cookie directly.
You should be able to remove the cookieParser() middleware. Unless you need is for something else, and then you can put it after the session middleware.

@dougwilson
Copy link
Contributor

The warning is because your secret is ''+new Date().getTime(), so it is different every time you restart the server and it's confusing the internals of this module. Your secret needs to be static. Also, remove app.use(cookieParser());

Its strange that req.headers.cookie = null; solves your issue

@joewagner it made the issue so away because it removed the cookies, essentially, so the module was no longer confused from having an invalid secret.

@leviathan747
Copy link
Author

Thanks for the help!

dougwilson added a commit that referenced this issue Jul 8, 2014
@dougwilson
Move req.cookies warning after validating signature
a8e634e 
fixes #62
@expressjs expressjs locked and limited conversation to collaborators Jul 9, 2014
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dougwilson @joewagner @leviathan747