I am using nodejs, express and connect-memcaced to handle my sessions. I've made a login script which executes perfectly every time, sets the session data and marks the user as logged in and than redirects him back to the page he logged in from. What happens on occasion (not always) is that after he is redirected and the page loads the cookies sessionID changes and the user is off course not logged in any more. I have failed finding the reason why this happens and why it doesn't happen every time.
Code snipet of the login function:
DB.getOne('User',{filters:{'primary':{email:req.body.email}}}, function(err,data){
if(data[0] && data[0].active == 1){
var encodedPass = self.encodePass(req.body.pass,req.body.email);
if(encodedPass == data[0].pass){
req.session.pr.user = data[0];
req.session.pr.user.status = true;
res.writeHead(302, {
'Location': goTo
});
res.end();
}
}
});
Looking directly into memcached I can see that this executes perfectly and the data is always saved into memcached under the original sessionID. For some reason the redirect must be changing the sessionID
I often find that this happens to me when I do not notice that I have restarted the development server. Remember that the session cookies are stored in memory, so when the server is restarted, all the sessions will be forgotten and the user will be assigned a new session automatically.