When I have the following, sessions are persisted and the page counts the number of visits.

app.set('trust proxy', true)
// The documentation specifies '1' instead of 'true'

app.use(session({
   secret: 'my secret',
   proxy: true,
   resave: false,
   saveUninitialized: true,
   cookie: { secure: false }
}))

app.listen(3000, function(){
   console.log("Server is connected!");
});

app.get("/login", (req, res) => {
   if(req.session.page_views){
       req.session.page_views++;
       res.send("You visited this page " + req.session.page_views + " times");
   } else {
       req.session.page_views = 1;
       res.send("Wele to this page for the first time!");
   }
});

However, when I remove the app.listen(3000, ...) and instead run in localhost through the mand firebase serve in the CLI, sessions are not persisted.

I also tried running on production environment through firebase deploy but, again, sessions are not persisted.

I have tried multiple options on the app.use(session({ and I believe the solution might be there.

Any remendations?

UPDATE

const express = require('express');
const session = require('express-session');
const FirestoreStore = require('firestore-store')(session);
const bodyParser = require('body-parser');

app.use(cookieParser('My secret'));
app.use(bodyParser.urlencoded({ extended: true }));

app.use(session({
    store: new FirestoreStore({
         database: firebase.firestore()
    }),
    secret: 'My secret',
    resave: true,
    saveUninitialized: true,
    cookie: {maxAge : 60000,
             secure: false,
             httpOnly: false }
}));

When I have the following, sessions are persisted and the page counts the number of visits.

app.set('trust proxy', true)
// The documentation specifies '1' instead of 'true'

app.use(session({
   secret: 'my secret',
   proxy: true,
   resave: false,
   saveUninitialized: true,
   cookie: { secure: false }
}))

app.listen(3000, function(){
   console.log("Server is connected!");
});

app.get("/login", (req, res) => {
   if(req.session.page_views){
       req.session.page_views++;
       res.send("You visited this page " + req.session.page_views + " times");
   } else {
       req.session.page_views = 1;
       res.send("Wele to this page for the first time!");
   }
});

However, when I remove the app.listen(3000, ...) and instead run in localhost through the mand firebase serve in the CLI, sessions are not persisted.

I also tried running on production environment through firebase deploy but, again, sessions are not persisted.

I have tried multiple options on the app.use(session({ and I believe the solution might be there.

Any remendations?

UPDATE

const express = require('express');
const session = require('express-session');
const FirestoreStore = require('firestore-store')(session);
const bodyParser = require('body-parser');

app.use(cookieParser('My secret'));
app.use(bodyParser.urlencoded({ extended: true }));

app.use(session({
    store: new FirestoreStore({
         database: firebase.firestore()
    }),
    secret: 'My secret',
    resave: true,
    saveUninitialized: true,
    cookie: {maxAge : 60000,
             secure: false,
             httpOnly: false }
}));

• javascript
• firebase
• express
• firebase-hosting

Share Improve this question Follow edited Jul 4, 2018 at 17:53 rgoncalv asked Jul 1, 2018 at 0:30 rgoncalvrgoncalv 6,05577 gold badges3737 silver badges6262 bronze badges

Add a ment  | 

2 Answers 2

Sorted by: Reset to default 4

I will suggest something, instead of using this FirestoreStore, I will suggest you use this FirebaseStore.

And I noticed you're using Express, so you might want to check the usage below:

Express

NOTE: In Express 4 express-session must be passed to the function connect-session-firebase exports in order to extend express-session.Store:

const express = require('express');
const session = require('express-session');
const FirebaseStore = require('connect-session-firebase')(session);
const firebase = require('firebase-admin');
const ref = firebase.initializeApp({
  credential: firebase.credential.cert('path/to/serviceAccountCredentials.json'),
  databaseURL: 'https://databaseName.firebaseio.'
});

express()
  .use(session({
    store: new FirebaseStore({
      database: ref.database()
    }),
    secret: 'keyboard cat'
    resave: true,
    saveUninitialized: true
  }));

And you might also want to really consider the Security provided by that dependency

If you use a publicly available Firebase Database, please set proper rules:

{
  "rules": {
    ".read": "false",
    ".write": "false",
    "sessions": {
      ".read": "false",
      ".write": "false"
    },
    "some_public_data": {
      ".read": "true",
      ".write": "auth !== null"
    }
  }
}

You can get to read more about Firebase rules and connect-session-firebase

If you are using firebase hosting you might as well use a connector which connects your express session with firebase.

You can try connect-session-firebase middleware which will integrate the firebase database store with the current express session. This might resolve your issue regarding session persistence.

UPDATE:

If you are using firebase hosting and cloud functions then you can only set a cookie with name __session. You might have to use this name to persist sessions in firebase hosting.

app.use(session({
    store: new FirestoreStore({
         database: firebase.firestore()
    }),
    name: '__session',
    secret: 'My secret',
    resave: true,
    saveUninitialized: true,
    cookie: {maxAge : 60000,
             secure: false,
             httpOnly: false }
}));

For more info:

• https://github./expressjs/session/issues/505
• firebase cloud function won't store cookie named other than "__session"