req.session often undefined in a route (connect-redis used as store)

Question

The problem is the following: On the deployed nodejitsu app, often (not always!), when I redirect from the browser (clicks on a a href="/logout") to the /logout route, i get a req.session undefined within that route.

app.get('/logout', function(req, res){
   log.debug("session", req.session); //undefined
});

The requests go through the following stack of 'middleware':

var store = new db.store({client: db.client}); // no problems here, redis monitor confirms
app.configure(function(){
    [...]
    app.use(express.cookieParser("XXXpassXXX"));
    app.use(express.bodyParser());
    app.use(express.session({
        secret: "XXXpassXXX",
        store: store
    }));
    app.use(function(req, res, next) {
        var fullURL = req.protocol + "://" + req.get('host') + req.url;
        if (fullURL.indexOf("logout") != -1 || fullURL[fullURL.length-1] == "/") {
            log.debug(fullURL);
            log.debug("sesiune", JSON.stringify(req.session)); // undefined for the "/logout" route !!!
            log.debug("cookies", JSON.stringify(req.cookies));
        }
        next();
    });
    app.use(passport.session());
    app.use(app.router);
});

I have checked the browser and it sends the cookies to the server and in my "logger" middleware, i can see the fullURL is correctly set.

Also, the last query made to the redis db by the app, before failing, is a get "sess:xxx" on the correct session id (which is stored in the database correctly).

Why and what could be the reasons that, after after express.session() using connect-redis as a store submits to the next() middleware, the req.session is undefined, given the fact that the session is stored on the redis database and it DOES perform a "get" on it?

PS: While on the local server, with a local redis instance, everything works.

Answer 1

It looks like you're doing everything right, so I'm afraid I don't have a direct answer for you. However, I hope this will help you debug the problem.

The first thing I would do is look at the various failure conditions in the session middleware, and see if any of them might be an issue in your production environment. That code is located in your project directory here:

node_modules/express/node_modules/connect/middleware/session.js

Look for the line starting with function session(options){; that's where the party starts. About 25 lines later, you'll see return function session(req, res, next){; that's the actual middleware. If you browse through that source, you'll see various reasons why the session variable might not be set (anything that throws an error or returns next()). For example, the store can be disconnected, or there's a pathname mismatch. Sometimes, debug() is called on failure, so you could try enabling debugging logging. Just set the environment variable DEBUG to express:*. I haven't used Nodejitsu yet, but I'm sure there's a way you can set environment variables and examine your logs.

If you can enable remote debugging on Nodejitsu, then even better: that way you could actually step through the session middleware and find out where it's failing (or if it's not getting called for some reason). I looked through the public Nodejitsu documentation, and didn't see anything about remote debugging, but that doesn't mean it can't be done.