There was a strange problem: I use Express and in development we use http and have secure: false for the session cookie, however now we go to openhift and we turned https into a thought that it would be a simple task, but our cookies are not sent back from the answers. If, however, we turn off https and go back to http in openshift, it works fine and cookies are sent.
So, here is an example of what a cookie config looks like:
var setupSession = function() { var sessionConfig = { secret: environmentVars.cookie.secret, name: environmentVars.cookie.name, maxAge: environmentVars.cookie.expiry, domain: environmentVars.cookie.domain, httpOnly: true, secure: environmentVars.cookie.secure, // true when using https secureProxy: environmentVars.cookie.secure, // true when using https signed: true }; app.set('trust proxy', 1); // Just added this, still no luck app.use(session(sessionConfig)); };
Thus, the above is executed when the application is launched and, as noted in the comments, when we use a secure connection, vars environments are established for us, and when the above is used in combination with HTTPS, the cookie is not sent back from the express, however, open cookies are sent back, for example, gears, etc. Again with http and disabling protected material, it works great, we all get cookies and enjoy it. All responses work, and the data is sent back, since the set-cookie header is absent for application cookies (but, as already mentioned, it does not open to be reset).
Thus, the actual certificate is not configured in nodejs, it is configured on openshift as an alias with the applicable certificate. So the express really has no idea that it runs in https, except for the environmental ones that it skips, and the port is provided by the six that launches it.
Has anyone else had something similar or have ideas that we can try to solve the problem or diagnose it? I read something and people suggested trying a trusted proxy and secureProxy, which was done but still no luck.