Secure cookie session not being transmitted by Express on remote server using HTTPS

I am experiencing a challenge where Express is not including the Set-Cookie header when using express-session and setting the secure option to true. This issue arises specifically on a remote server with a valid certificate signed by Let's Encrypt.

const express = require('express')
const session = require('express-session')

const app = express()
const port = 3000

const sessionMiddleware = session({
    secret: 'secret',
    resave: false,
    rolling: true,
    saveUninitialized: false,
    cookie: {
        secure: true,
        httpOnly: false,
        maxAge: 1000 * 60 * 10 * 1000
    }
});

app.use(sessionMiddleware)

app.get('/', (req, res) => {
    req.session.foo = 'bar';
    res.send('Hello World!')
})

app.listen(port, () => {
    console.log(`Example app listening on port ${port}`)
});

What steps can I take to enable Express to properly set the cookie in this scenario?

expresscookiesexpress-session

Answer №1

When using Express, it is important to note that it is typically served behind a reverse proxy.

In my experience, I found it necessary to add the following header to Apache in order to ensure proper functionality:

RequestHeader set X-Forwarded-Proto "https"

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Node Express for Advanced Routing

I'm currently developing a web application that will handle CRUD operations on an array within a collection. Here is the structure of the collection model: var mongoose = require('mongoose'); var website = require('./website'); ...

javascriptnode.jsmongodbexpress

Expiration Date of Third-Party Cookies

I need help retrieving the expiration date of a third-party cookie programmatically using JavaScript. Even though I can see the expiry time in the browser's DevTools (refer to the screenshot at ), I am struggling to figure out how to access this infor ...

javascriptnext.jscookiesnext.js13third-party-cookies

Node.js Tutorial: Enabling or Disabling Sessions Based on URL

When building a website using express and express-session middleware, session is enabled. However, there are certain URLs like /health-check and /version-check that do not require session handling. This can lead to unnecessary sessions being created in the ...

node.jssessionexpress

Having trouble with the Bootstrap float right class? Your buttons are refusing to respond?

Currently, I am experimenting with ExpressJS and EJS rendering. I have noticed that the Bootstrap float-right class is not working properly on the navbar. I even attempted using d-flex, but the issue persists. I am unsure if I am missing something in my co ...

cssnode.jsexpressbootstrap-4ejs

Express.js app does not seem to properly handle app.use(express.raw()) functionality

I am in the process of creating an Express application that is designed to handle binary post data. The code snippet below showcases my progress so far: Server-side: var express = require('express'); var app = express(); var PORT = 3000; app.us ...

javascriptnode.jsexpress

NuxtJs login feature is functional, but encounters an unauthorized 401 error

I am utilizing the NuxtJs auth module to manage my authorization within the application state. I have created an express API specifically for this purpose, and it functions correctly. Below is the configuration included in my nuxt.config.js file: axios ...

javascriptexpressnuxt.js

Creating a new Express JS application

I've encountered an issue with my express application. When I run the server and navigate to localhost in my browser, the index page loads but without the image that should be displayed. The browser console shows a 404 error for the image URL. GET ht ...

javascriptexpress

Verify ownership information by utilizing Node.js

Seeking guidance here. Currently, I am working on a Node.js and MongoDB application related to Apartment ownership. Within this application, there are two main datasets: Ownership and Tenants. For instance, Mr. A owns units 10 and 11. Then we have Mr. C wh ...

javascriptnode.jsmongodbexpressmongoose

What methods can be used to effectively store session data in an Angular application when the page is refreshed?

Joomla serves as the backend of our application. Upon a successful login via an ajax call, I am able to obtain the Session ID. What is the most effective way to store this information within the Angular App? Which method is recommended (e.g. cookies or ...

phpangularjsajaxsessioncookies

Error [ERR_UNSUPPORTED_DIR_IMPORT]: Nodejs App cannot be started locally due to a directory import issue

My journey to deploy my app on Heroku has hit a roadblock. The import statements, like import cors from 'cors', are causing the app to fail in production with the "Cannot Load ES6 Modules in Common JS" error. Interestingly, everything runs smooth ...

javascriptnode.jsexpressherokusequelize.js

Having trouble with npm? It's showing a "Response timeout" error when attempting to fetch data from https://registry.npmjs

Whenever I attempt to install a package, I encounter the following error message. I've exhausted all my options, can someone please assist me? npm ERR! Response timeout occurred when attempting to fetch https://registry.npmjs.org/base-config-proc ...

node.jsexpressvue.jsnpm

Establishing a server-side connection with Socket.io using Node.js

In my Node.js application, I have a frontend app and a backend app. The backend is responsible for managing the list and pushing updates to the frontend app. When I make a call to the frontend app, it triggers a list update so that all clients receive th ...

node.jsexpresssocket.io

Is it advisable to refrain from handling all routes in a Node/Express application using an asterisk?

Recently, I set up a simple node app that captures all incoming requests: app.get('*', function(req, res) { //handle GET request with specific parameter } I'm wondering if there are any drawbacks to using this catchall method if the app ...

node.jsexpress

Tips for resolving the "err is not defined" issue in Node.js

I am facing an issue while trying to connect to a MySQL database in Node.js. When I attempt to compile the code, it gives an error stating that "err is undefined". Even though I am new to Node.js, I believe I am handling errors correctly, especially with t ...

mysqlnode.jsexpress

Guide on invoking a node.js function from an express-rendered ejs page

My express server currently has a button that triggers a POST request to activate a function in my node.js server. Instead of using a traditional POST request, I am interested in implementing something like AJAX so that the page doesn't reload. Is th ...

javascriptajaxnode.jswebserverexpress

Having trouble passing data from router to View with EJS in Express. Despite trying, still encountering ReferenceError message

I encountered an issue when trying to display form errors to the user. I attempted to pass the errors from the router to my view file. Error Message ReferenceError: e:\2016\passport\views\register.ejs:38 36| 37| <div ...

javascriptnode.jsexpressrouterejs

The seamless fusion of Express with Typescript

Hello and thank you for taking the time to assist me. I recently completed a Cron app using Node.JS. I wanted to add a website hosted by the Node.js server with Express. I developed this TypeScript website in a separate folder, but encountered errors when ...

node.jsexpresstypescriptangular

Node.js: Experiencing HTTP request timeout issues lasting for over a minute

Using Node.js (version 0.10.28), I encountered an issue when making an http.request to my Ruby API for a large amount of data. The request seems to time out and return a 404 error after only 1 minute. Interestingly, when using other methods like wget or jQ ...

javascriptnode.jsexpressconnection-timeout

What advantages and disadvantages come with using AJAX requests to fetch an HTML page as opposed to utilizing window.location or a hyperlink to navigate to the page?

I have been exploring the various techniques for switching pages in a web browser. Here is what I have gathered so far: Using anchor tags <a href = "#">...</a> allows redirection with text and images (non-buttons) Button elements lik ...

jqueryajaxexpressbuttonresponse

Using node express to proxy json requests

In order to proxy requests from a web server to an API server, I am using the code snippet below in my node-express application: app.use('/api', function(req, res) { var url = 'http://my.domain.com/api' + req.url; req.pipe(request( ...

jsonnode.jsexpressproxy