I use nodejs, express and connect-memcaced to handle my sessions. I made a login script, which is executed perfectly every time, sets the session data and puts the user as a login and redirects him back to the page from which he entered. What happens sometimes (not always) is that after the page is redirected and the page changes with cookie, sessionID and the user is no longer logged in. I did not find a reason why this happens and why it does not happen every time.
Sniper code input function:
DB.getOne('User',{filters:{'primary':{email:req.body.email}}}, function(err,data){ if(data[0] && data[0].active == 1){ var encodedPass = self.encodePass(req.body.pass,req.body.email); if(encodedPass == data[0].pass){ req.session.pr.user = data[0]; req.session.pr.user.status = true; res.writeHead(302, { 'Location': goTo }); res.end(); } } });
Looking directly at memcached, I see that this works fine, and the data is always stored in memcached under the original sessionID. For some reason, the redirect should change sessionID
source share