I hope that all is well…
I am facing an issue where I am setting cookies and session values at login on the backend, which is node js. However, when react calls the API that verifies the cookies or sessions values, the values returns undefined… I know my middleware is fine because I can log data automatically to the DB, which is MySQL. I have tried switching req.session.isAdmin, req.session.loggedIn, and req.session.username to req.cookies.isAdmin, req.cookies.loggedIn, and req.cookies.username but that did not work. The code is below, any advice will truly help. Please note I am trying to configure cookie the best way possible as I am new to setting cookies, any lessons are welcomed!
Index.js
require('dotenv').config();
const host = process.env.HOST;
const port = process.env.PORT;
const express = require('express');
const app = express();
const cors = require('cors');
const session = require('express-session');
const SqlDbStore = require('express-mysql-session')(session); // Import SqlDbStore
const cookieParser = require('cookie-parser');
app.use(cors());
app.use(express.json());
app.use(cookieParser());
app.use(
session({
key: 'BibleTriviaSessionCookies',
secret: '3B4F7C4E6DA85A5176758B437A22A',
store: new SqlDbStore({
host: process.env.DB_Host,
port: process.env.DB_Port,
user: process.env.DB_User,
password: process.env.DB_Pass,
database: process.env.DB_Data,
}),
resave: false,
saveUninitialized: false,
cookie: {
maxAge: 1000 * 60 * 60 * 24,
secure: true,
},
})
);
app.get('/', (req, res) => {
res.send("The server is running successfully. <br/>The server is running on port " + port + "... <br/>The server url is " + host + ":" + port + "...")
});
const userRoute = require('./routes/User');
app.use('/user', userRoute);
const adminRoute = require('./routes/Admin');
app.use('/admin', adminRoute);
const triviaRoute = require('./routes/Trivia');
app.use('/trivia', triviaRoute);
app.listen(port, (req, res) => (
console.log("Server running on port " + port + "...")
));
Login and CheckLogin Routes from User.Js
//Login Page
router.post('/login', async (req, res) => {
const username = req.body.username;
const password = req.body.password;
try {
const userVerification = await db.query('SELECT * FROM userverification WHERE accountUsername = ?', [username]);
const userLogin = await db.query('SELECT * FROM users WHERE accountUsername = ?', [username]);
const adminVerification = await db.query('SELECT * FROM adminusersverification WHERE accountUsername = ?', [username]);
const adminLogin = await db.query('SELECT * FROM adminusers WHERE accountUsername = ?', [username]);
// Check User Verification
if (typeof userVerification[0][0] !== 'undefined') {
sg.sendVerification(userVerification[0][0].accountEmail, userVerification[0][0].accountFirstName, userVerification[0][0].accountLastName, username);
res.json({ message: 'User needs to check email to verify account' });
}
// Check User Table
else if (typeof userLogin[0][0] !== 'undefined') {
const result = await new Promise((resolve, reject) => {
bcrypt.compare(password, userLogin[0][0].accountPassword, (err, result) => {
if (err){
reject(err);
}
else {
resolve(result);
}
});
});
if (result === true) {
req.session.username = username;
req.session.loggedIn = true;
req.session.isAdmin = false;
res.cookie('username', username);
res.cookie('loggedIn', true);
res.cookie('isAdmin', false);
res.setHeader('Set-Cookie-Instructions', 'loggedIn=true; username=username; isAdmin=false');
return res.json({ loggedIn: true, username: username });
}
else {
return res.json({ loggedIn: false, message: 'Account Does Not Exist or Password Is Incorrect!' });
}
}
// Check Admin Verification
else if (typeof adminVerification[0][0] !== 'undefined') {
sg.sendAdminVerification(adminVerification[0][0].accountEmail, adminVerification[0][0].accountFirstName, adminVerification[0][0].accountLastName, username);
res.json({ message: 'User needs to check email to verify account' });
}
// Check Admin Table
else if (typeof adminLogin[0][0] !== 'undefined') {
const result = await new Promise((resolve, reject) => {
bcrypt.compare(password, adminLogin[0][0].accountPassword, (err, result) => {
if (err){
reject(err);
}
else {
resolve(result);
}
});
});
if (result === true) {
req.session.username = username;
req.session.loggedIn = true;
req.session.isAdmin = true;
res.cookie('username', username);
res.cookie('loggedIn', true);
res.cookie('isAdmin', true);
res.setHeader('Set-Cookie-Instructions', 'loggedIn=true; username=username; isAdmin=true');
return res.json({ loggedIn: true, username: username, isAdmin: true });
}
else {
return res.json({ loggedIn: false, message: 'Account Does Not Exist or Password Is Incorrect!' });
}
} else {
return res.json({ loggedIn: false, message: 'Account Does Not Exist or Password Is Incorrect!' });
}
} catch (err) {
console.log(err);
return res.json({ message: 'An Error Occured!' });
}
});
router.post('/checkLogin', (req, res) => {
const expectedIsAdmin = req.session.isAdmin; // Get isAdmin from the server's session
const expectedLoggedIn = req.session.loggedIn; // Get loggedIn from the server's session
const expectedUsername = req.session.username; // Get username from the server's session
const receivedIsAdmin = req.body.isAdmin;
const receivedLoggedIn = req.body.loggedIn;
const receivedUsername = req.body.username;
console.log(receivedIsAdmin + ' <-> ' + expectedIsAdmin)
console.log(receivedLoggedIn + ' <-> ' + expectedLoggedIn)
console.log(receivedUsername + ' <-> ' + expectedUsername)
if (receivedIsAdmin === null || receivedLoggedIn === null || receivedUsername === null) {
//User not logged in...
console.log("User not logged in...")
return res.json({forceLogout: false, verified: false})
}
else if (receivedIsAdmin === expectedIsAdmin && receivedLoggedIn === expectedLoggedIn && receivedUsername === expectedUsername) {
// Cookies match the server's session values
//User verification passed...
console.log("User verification passed...")
return res.json({ forceLogout: false, verified: true });
} else {
// Cookies do not match the server's session values
//User verificaton failed...
console.log("User verificaton failed...")
return res.json({ forceLogout: true, verified: false });
}
});