I am a bit rusty with sessions and authentication, so bear with me. I am attempting to make a simple login function for my site. Users can sign up successfully and their information gets stored within MongoDB. When trying to have a user log in and create a session ID, I can see the session get stored in my ‘sessions’ collection, but not within the ‘cookies’ in the browser. I also cannot access the “logged in” user's data once they get past the login page.
Using mongoose, express-session, and connect-mongo.
Users.js
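    const express = require('express')
    // bcrypt package assumed; bcryptjs exposes the same compare call
    const bcrypt = require('bcrypt')
    // Assumed location of the Mongoose User model; adjust to the project layout
    const User = require('../models/User')

    const router = express.Router()

    router.post('/login', async (req, res, next) => {
      const { username, password } = req.body
      User.findOne({ username: username })
        .then(async (response) => {
          // findOne resolves to null when no user matches
          if (!response) {
            return res.send('User not found')
          }
          // Compare the submitted password with the stored bcrypt hash
          bcrypt.compare(password, response.password, function (err, result) {
            if (err) {
              return res.status(500).json({ error: 'Internal Error' })
            }
            if (result !== true) {
              return res.status(401).send()
            }
            // Keep only non-secret data in the session, never the password
            req.session.user = {
              username,
              isLoggedIn: true
            }
            // Respond only after the session has been written to the store
            req.session.save(function (saveErr) {
              if (saveErr) {
                return res.status(500).json({ error: 'Internal Error' })
              }
              res.status(200).send()
            })
          })
        })
        .catch((err) => {
          console.error(err)
          res.status(500).json({ error: 'Internal Error' })
        })
    })

    module.exports = router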
server.js
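    const express = require('express')
    const mongoose = require('mongoose')
    const session = require('express-session')
    const MongoStore = require('connect-mongo')

    const app = express()

    mongoose.connect("mongodb://localhost/BookNest")
    // Session data lives in MongoDB; the browser only receives the signed session ID cookie
    app.use(session({
      secret: 'my-secret', // placeholder; use a long random value kept out of source control
      resave: false,
      saveUninitialized: true, // also creates a session for visitors who never log in
      store: MongoStore.create({
        mongoUrl: "mongodb://localhost/BookNest"
      })
    }));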
I've attempted to console log req.session and req.sessionID, both of which return my ‘session id’, but still cannot do account actions once logged in.
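
A server-side check for the symptom described in the post (session document present in MongoDB, cookie absent in the browser), as an added example that is not part of the original post. It assumes express-session's default cookie name `connect.sid` and its signed value format (`s:` + session ID + `.` + HMAC-SHA256); `inspectSessionCookie` and the sample values are hypothetical names constructed for illustration.

```javascript
// Added diagnostic example; not code from the original post.
const crypto = require('crypto');

// Same construction as the cookie-signature package used by express-session:
// value + '.' + base64(HMAC-SHA256(secret, value)) with '=' padding stripped.
function sign(value, secret) {
  const mac = crypto.createHmac('sha256', secret).update(value).digest('base64');
  return value + '.' + mac.replace(/=+$/, '');
}

// Classifies the session cookie found in a raw Cookie request header.
//   'missing'  - no session cookie was sent (never stored, or not sent back)
//   'unsigned' - cookie present but without the 's:' signed-value prefix
//   'invalid'  - signature does not match this secret (tampered or secret changed)
//   'ok'       - sid is the session ID the store is queried with
function inspectSessionCookie(cookieHeader, secret, name = 'connect.sid') {
  const pairs = (cookieHeader || '').split(';').map((p) => p.trim());
  const pair = pairs.find((p) => p.startsWith(name + '='));
  if (!pair) return { status: 'missing', sid: null };

  let raw;
  try {
    raw = decodeURIComponent(pair.slice(name.length + 1));
  } catch {
    return { status: 'invalid', sid: null };
  }
  if (!raw.startsWith('s:')) return { status: 'unsigned', sid: null };

  const signed = raw.slice(2);
  const sid = signed.slice(0, signed.lastIndexOf('.'));
  const expected = Buffer.from(sign(sid, secret));
  const actual = Buffer.from(signed);
  // Constant-time comparison so the check does not leak signature bytes
  const valid = expected.length === actual.length &&
    crypto.timingSafeEqual(expected, actual);
  return valid ? { status: 'ok', sid } : { status: 'invalid', sid: null };
}

// Constructed sample headers: one as sent after a login, one without the cookie.
const SECRET = 'my-secret';
const sampleHeader = 'theme=dark; connect.sid=' +
  encodeURIComponent('s:' + sign('constructed-session-id-123', SECRET));

console.log(inspectSessionCookie(sampleHeader, SECRET));
console.log(inspectSessionCookie('theme=dark', SECRET));
```

A `missing` result on requests that follow a successful login means the browser never stored or never sent the cookie, so the session document in MongoDB cannot be matched to the request.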