Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

JavaScript User Authentication With Express and Mongo Improving the App with Custom Middleware Using MongoDB as a Session Store

Mike Lundahl
Mike Lundahl
13,510 Points
Posted by Mike Lundahl
Mike Lundahl
13,510 Points

Session stored with cookie on remote MongoDB but not browser

I'm struggling to understand this.

I'm successfully storing the session with cookie on a remote MongoDB.

But for some reason the browser does not store the cookie. I've done all imaginable combinations and browsed the internet for weeks with no luck.

I also implemented cookie-parser. I also watched "Express Basics" course.

Here's how the storing looks like

// use session for tracking logins
app.use(session({
    secret: 'break limit is awesome!',
    resave: true,
    saveUninitialized: false,
    rolling: false,
    store: new MongoStore({
        mongooseConnection: db,
        ttl: 0 * 1 * 60 * 60
    }),
    cookie: { maxAge: 3600000, secure:false, httpOnly: false }
}));

// make user ID available in templates
app.use(function (req, res, next) {
    res.locals.currentUser = req.session.userId;
    next();
});

here's the route

router.post('/api/login', function(req, res, next) {
    "use strict";

    if (req.body.email && req.body.password) {

        User.authenticate(req.body.email, req.body.password, function (error, user) {
            if (error || !user) {
                var err = new Error ('Wrong email or password!');
                logger.log('error', 'Wrong email or password!', error);

                err.status = 401;
                return next(err);
            } else {

                req.session.userId = user._id;
                req.session.save();
                console.log(req.session);
                return res.cookie('username', 'isikjbsdg', {httpOnly: false});
            }
        });

    } else {
        var err = new Error('Email and password are required!');
        err.status = 401;
        return next(err);        
    }
});

I'm not getting any errors so I'm not sure where to look?

Adam Beer
Adam Beer
11,314 Points
Adam Beer
Adam Beer
11,314 Points

In router.js file use // before "use strict" and run again your server. What happened?

Mike Lundahl
Mike Lundahl
13,510 Points
Mike Lundahl
Mike Lundahl
13,510 Points

@Adambeer Tried it.. didn't do anything I'm afraid.

Mike Lundahl
Mike Lundahl
13,510 Points
Mike Lundahl
Mike Lundahl
13,510 Points

Good to know.

https://github.com/expressjs/session

since version 1.5.0 of express-session there's no need for cookie-parser as I understand it. (btw, typo? express-session latest version is only at 1.15.6)

1 Answer

Mike Lundahl
Mike Lundahl
13,510 Points
Mike Lundahl
Mike Lundahl
13,510 Points

This actually worked. 

 return res.cookie('username', 'isikjbsdg', {httpOnly: false}).send();

Maybe I just missed it but I can't find this mentioned in any of the courses? Would be great if this would be covered as well to give a better understanding.