Saturday, 8 April 2017

Express-session works wrong when website migrated from http to https?

After we migrated our website from http scheme to https (including enabling https on CDN and redirecting http to https on server), we found that our user sessions works incorrectly sometimes, that is, the user A would be recognized as user B! It seems the session ids of cookies are incorrectly parsed and maybe different users share the same cookies or session ids but all the session ids are generated by uid-safe uniquely.

The issue seems very strange and we really have no idea of the cause.

we use nodejs, Express, express-session with redis storage.



via Xhua

No comments:

Post a Comment