I cant find where i fail to check session with my electron app. My application is composed from a client site (main.js, preload.js and renderer (with some html files of course)), and a backend side in node.js with Express. All work fine between the too, excepte in one case: The verify if one user have a session in the backend for auto-login when the user start the App.This is the main.js (client side) file:
axios.get('http://localhost:9090/oauth/express-session-exist')
.then(response => {
if (response.data.success) {
const userIsConnected = store.get('user_publickey');
if (userIsConnected) {
if (store.get('user_active') == 'false') {
mainWindow.loadFile('discovery.html');
} else {
mainWindow.loadFile('app.html');
}
} else {
mainWindow.loadFile('oauth.html');
}
} else {
const userIsConnected = store.get('user_publickey');
if (userIsConnected) {
store.clear();
}
mainWindow.loadFile('oauth.html');
}
})
.catch(error => {
console.error(error);
mainWindow.loadFile('oauth.html');
});
And this is the backend fonction:
router.get('/express-session-exist', (req, res) => {
if (req.session.user) {
res.json({ success: true, data: req.session.user });
} else {
res.json({ success: false });
}
});
And i am pretty sure the session is well created when i login my user for the first time with this backend function:
// Login
router.post('/login', async (req, res) => {
const { email, password } = req.body;
try {
const existingUser = await oauthModel.findUserByEmail(email);
if (existingUser) {
const passwordMatch = await bcrypt.compare(password, existingUser.user_password);
if (passwordMatch) {
// Here, i created the express-session and put in value, then return the value to
// Electron. A console.log() in the client show prefectly the data of the session.
req.session.user = {
publickey: existingUser.user_publickey,
regenerativekey: existingUser.user_regenerativekey,
email: existingUser.user_email,
alias: existingUser.user_alias,
};
const toElectron = req.session.user;
res.status(200).json({ success: true, message: 'user-logged-in', user: toElectron });
} else {
res.status(401).json({ success: false, message: 'wrong-password' });
}
} else {
res.status(401).json({ success: false, message: 'cant-find-email' });
}
} catch (error) {
console.log(error)
res.status(500).json({ success: false, message: 'ie500', error });
}
});
i dont know where to look at this point, AXIOS send request with the cookie so i dont know… Thank for reading me guys.
For informations this is my app.js:
// app.js
// Express setup
const express = require('express');
const session = require('express-session');
const app = express();
const port = 9090;
// Chargement des modules
const http = require('http');
const server = http.createServer(app);
const cors = require('cors');
const bodyParser = require('body-parser');
// Utiliser les sessions
const sessionMiddleware = session({
secret: 'mySecret',
resave: true,
saveUninitialized: true,
cookie: {
sameSite: 'Lax',
maxAge: 1000 * 60 * 60 * 24 * 1000,
secure: false // CARE PRODUCTION
}
});
app.use(express.static('public'));
app.use(cors({
origin: ['http://localhost:9090'],
credentials: true
}));
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use(sessionMiddleware);
// Declaration Controllers
const oauthController = require('./controllers/oauth');
// Use Controllers
app.use('/oauth', oauthController);
server.listen(port, () => {
console.log(`Server listening :${port}`);
});
I expect my route /express-session-exist to see that a session is created and return true. But she constantly return false.