Nodejs Express Sessions problem: all information is being exchanged

Question

Nodejs Express Sessions problem: all information is being exchanged

Asked 5 years, 9 months ago

Viewed 278 times

0

I need help fast ... I’m wondering why my web application (Nodejs 10.x) is giving this strange error: It’s swapping out user sessions... When a user edits their profile, the information always goes to the last logged in user.

Real Example:

User with email [email protected] logs in;
It goes to the editing page;
User with email [email protected] logs in;
user [email protected] modifies something and saves;
The data goes to the user [email protected]
Sometimes ** incredibly ** the user screen [email protected] BECOMES THE USER’S [email protected]!!

The system is currently disabled for maintenance.

After debugging, we can see that the problem is with the session: in the edit controller, apparently the last registered user ID is used to query the database.

I don’t know if I’m making a mistake, or it’s some configuration problem, but now we have about 1000 users and all the information is being exchanged, when someone edits their own profile, the information goes to someone else ... This is VERY SERIOUS.

Example:

route Candidates

router.post('/infoCurso', User.loggedIn, User.checkRoles(['usuario']), function (req, res) {
    var form = new formidable.IncomingForm();
    form.parse(req, async function (err, fields, files) {
        try {
            var success = await Candidato.infoCurso(fields)

            if (success) {
                res.status(200).send(true)
            } else {
                res.status(400).send(false)
            }
        } catch (err) {
            res.status(500).send(err)
        }
    });
});

controller Candidatos

exports.infoCurso = function (data) {
    var cpf = req.session.passport.user.cpf

    return new Promise((resolve, reject) => {
        var now = new Date()
        db.Curriculos.get(cpf, function (err, doc) {
            if (doc === undefined) {
                reject(false)
            }
            else {
                doc.cursos = JSON.parse(data.cursos_array)
                doc.dataAlteracao = dateFormat(now, "isoDateTime")
                db.Curriculos.insert(doc, doc.cpf, function (err, doc) {
                    if (err) {
                        console.log('UPDATE Curriculo')
                        console.log('Error inserting data\n' + err)
                        reject(false)
                    }
                    else {
                        resolve(true)
                    }
                })
            }
        })
    })
}

app js.:

var session = require('express-session')

app.use(session({
    secret: 'mysecret',
    resave: false,
    saveUninitialized: true,
    cookie: { secure: true }
}))

Welcome to the Stackoverflow in Portuguese. As the name suggests, the official language used here is Portuguese. So, could you please translate your question? If you prefer, you can also ask the same question on Stackoverflow website in English.

– Sorack

2019/02/15 at 18:21
Your code does not appear to be functional, after all in the function infoCurso there is no reference to the variable req however it is being used. And also have to test different machines or at least different browsers

– Sorack

2019/02/18 at 13:54

No answers

Browser other questions tagged node.js session login express

You are not signed in. Login or sign up in order to post.