Nodejs Express Sessions problem: all information is being exchanged

I need help fast ... I’m wondering why my web application (Nodejs 10.x) is giving this strange error: It’s swapping out user sessions... When a user edits their profile, the information always goes to the last logged in user.

Real Example:

The system is currently disabled for maintenance.

After debugging, we can see that the problem is with the session: in the edit controller, apparently the last registered user ID is used to query the database.

I don’t know if I’m making a mistake, or it’s some configuration problem, but now we have about 1000 users and all the information is being exchanged, when someone edits their own profile, the information goes to someone else ... This is VERY SERIOUS.

Example:

route Candidates

router.post('/infoCurso', User.loggedIn, User.checkRoles(['usuario']), function (req, res) {
    var form = new formidable.IncomingForm();
    form.parse(req, async function (err, fields, files) {
        try {
            var success = await Candidato.infoCurso(fields)

            if (success) {
                res.status(200).send(true)
            } else {
                res.status(400).send(false)
            }
        } catch (err) {
            res.status(500).send(err)
        }
    });
});

controller Candidatos

exports.infoCurso = function (data) {
    var cpf = req.session.passport.user.cpf

    return new Promise((resolve, reject) => {
        var now = new Date()
        db.Curriculos.get(cpf, function (err, doc) {
            if (doc === undefined) {
                reject(false)
            }
            else {
                doc.cursos = JSON.parse(data.cursos_array)
                doc.dataAlteracao = dateFormat(now, "isoDateTime")
                db.Curriculos.insert(doc, doc.cpf, function (err, doc) {
                    if (err) {
                        console.log('UPDATE Curriculo')
                        console.log('Error inserting data\n' + err)
                        reject(false)
                    }
                    else {
                        resolve(true)
                    }
                })
            }
        })
    })
}

app.js:

var session = require('express-session')

app.use(session({
    secret: 'mysecret',
    resave: false,
    saveUninitialized: true,
    cookie: { secure: true }
}))

  • Welcome to Stack Overflow in Portuguese. As the name suggests, the official language used here is Portuguese. So, could you please translate your question? If you prefer, you can also ask the same question on the Stack Overflow website in English.

  • Your code does not appear to be functional; after all, in the function infoCurso there is no reference to the variable req, yet it is being used. You also have to test on different machines or at least different browsers.

No answers
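
Added example, not part of the original question or its comments: a minimal simulation of how an edit can land on the last user to arrive when a controller reads the request from shared state instead of receiving the identity from its route handler, next to the version that passes the cpf explicitly. The page does not show where `req` comes from inside infoCurso, so the module-level `currentReq`, the helper names, and the cpf and course values are all assumptions constructed for illustration.

```javascript
// Added example: every name and value here is constructed for illustration.
let currentReq = null; // hypothetical module-level "current request" (assumption)

const reqFor = (cpf) => ({ session: { passport: { user: { cpf } } } });

// Shared write path, mirroring the doc.cursos update in the question.
function save(docs, cpf, data) {
  const doc = docs[cpf];
  if (doc === undefined) return false;
  doc.cursos = JSON.parse(data.cursos_array);
  return true;
}

// Unsafe: identity is read from shared state when the controller finally runs.
function unsafeInfoCurso(docs, data) {
  return save(docs, currentReq.session.passport.user.cpf, data);
}

// Safe: the route handler passes the identity taken from its own req.
function safeInfoCurso(docs, cpf, data) {
  return save(docs, cpf, data);
}

function simulate(kind) {
  const docs = { '111': { cpf: '111', cursos: [] }, '222': { cpf: '222', cursos: [] } };
  const pending = []; // stands in for form.parse() finishing later
  const middleware = (req) => { currentReq = req; };
  const postInfoCurso = (req, fields) => {
    middleware(req);
    pending.push(() => (kind === 'unsafe'
      ? unsafeInfoCurso(docs, fields)
      : safeInfoCurso(docs, req.session.passport.user.cpf, fields)));
  };

  postInfoCurso(reqFor('111'), { cursos_array: '["Direito"]' }); // user 111 submits
  middleware(reqFor('222')); // user 222's request arrives before parsing completes
  pending.forEach((run) => run());
  return docs;
}

console.log('unsafe:', JSON.stringify(simulate('unsafe')));
console.log('safe:  ', JSON.stringify(simulate('safe')));
```

In the unsafe run, user 111's courses are written to user 222's document; in the safe run they stay with user 111 because the closure captured that request's own session.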
