I am using express sessions on node.js to store user sessions. I have deployed to an AWS EC2 instance and it works when I call it directly over HTTP. To make the EC2 instance HTTPS, I use AWS CloudFront, but then my client cookies are not being set anymore from express session.
I cannot just make the node server directly HTTPS because my SSL certificate is on ACM (which does not allow me to download it).
The express session middleware is shown below. Am I setting this up correctly for HTTPS requests?
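    // session, redisStore and redisClient are defined elsewhere in the app
    let sessionMiddleware = session({
        // Sessions are persisted in Redis; ttl is in seconds (one year)
        store: new redisStore({
            client: redisClient,
            ttl: 365*24*60*60
        }),
        saveUninitialized: false,
        resave: false,
        secret: "Shh, its a secret!",
        cookie: {
            // httpOnly: false leaves the cookie readable by client-side JavaScript
            httpOnly: false,
            // secure: true means the cookie is only set on connections seen as HTTPS
            secure: true,
            expires: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000)
        }
    });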
I fixed the problem by setting the express session middleware's proxy flag to true. Hope this helps someone.
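Why the proxy flag matters here, as an added example that is not part of the original post and not express-session's own code: a simplified model of the documented behaviour, where a `secure: true` cookie is only set on requests judged secure and `proxy: true` makes that judgement from `X-Forwarded-Proto`. The function names, the `socketEncrypted` field and the sample requests are hypothetical, and it assumes the TLS-terminating proxy in front of Node forwards `X-Forwarded-Proto`.

```javascript
// Added example: model of the "is this request secure?" decision that gates
// a Secure session cookie. Names are illustrative, not library internals.
//   proxy: true      -> trust the X-Forwarded-Proto header
//   proxy: false     -> only a direct TLS socket counts
//   proxy: undefined -> defer to Express's req.secure ("trust proxy" setting)
function isRequestSecure(req, proxy) {
  if (req.socketEncrypted) return true;            // TLS terminated by Node itself
  if (proxy === false) return false;               // ignore all forwarded headers
  if (proxy !== true) return req.secure === true;  // fall back to Express's view
  // The header may be a comma-separated chain; the first entry is the
  // client-facing hop.
  const header = String(req.headers['x-forwarded-proto'] || '');
  return header.split(',')[0].trim().toLowerCase() === 'https';
}

// With cookie.secure enabled, Set-Cookie is skipped on insecure requests.
function willSetSessionCookie(req, opts) {
  if (!opts.cookieSecure) return true;
  return isRequestSecure(req, opts.proxy);
}

// Constructed sample requests (assumption: the app has not enabled Express's
// "trust proxy", so req.secure is false whenever the socket is plain HTTP).
const plain = { socketEncrypted: false, secure: false };
const samples = {
  directHttp: { ...plain, headers: {} },
  directHttps: { socketEncrypted: true, secure: true, headers: {} },
  viaProxy: { ...plain, headers: { 'x-forwarded-proto': 'https' } },
  viaTwoProxies: { ...plain, headers: { 'x-forwarded-proto': 'https, http' } },
  viaProxyPlainClient: { ...plain, headers: { 'x-forwarded-proto': 'http' } },
};

// Evaluate every sample under one middleware configuration.
function report(opts) {
  const out = {};
  for (const [name, req] of Object.entries(samples)) {
    out[name] = willSetSessionCookie(req, opts);
  }
  return out;
}

console.log('proxy unset:', report({ cookieSecure: true, proxy: undefined }));
console.log('proxy: true:', report({ cookieSecure: true, proxy: true }));
```

Trusting `X-Forwarded-Proto` is only sound when the origin accepts traffic solely from the proxy, because a client that can reach the instance directly can send the header itself.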