feat(auth): enhance session handling and response logging in authentication

- Improved session management by ensuring the session is saved before sending the response in the `AuthController`.
- Added detailed logging for session save operations and included the session ID in the response for better debugging.
- Updated session middleware configuration to enhance security and support mobile applications, including adjustments to cookie settings based on the production environment.
This commit is contained in:
Chamika J
2025-08-06 10:35:35 +05:30
parent 8e5d55ce7d
commit 5b00d83847
2 changed files with 30 additions and 11 deletions


@@ -259,11 +259,22 @@ export default class AuthController extends WorklenzControllerBase {
user.build_v = FileConstants.getRelease(); user.build_v = FileConstants.getRelease();
console.log("Sending response..."); console.log("Sending response...");
return res.status(200).send({ console.log("Response headers before send:", res.getHeaders());
done: true,
message: "Login successful", // Ensure session is saved before sending response
user, req.session.save((saveErr) => {
authenticated: true if (saveErr) {
console.log("Session save error:", saveErr);
}
console.log("Session saved, cookie header:", res.getHeader('set-cookie'));
return res.status(200).send({
done: true,
message: "Login successful",
user,
authenticated: true,
sessionId: req.sessionID // Include for debugging
});
}); });
}); });
})(req, res, next); })(req, res, next);
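Review bot: The new response field `sessionId: req.sessionID // Include for debugging` hands the session identifier to client-side code, which is exactly what the `httpOnly` cookie is meant to keep out of reach, and `console.log("Session saved, cookie header:", res.getHeader('set-cookie'))` writes that same identifier into the server log on every login. Both should go before this reaches production; if the save needs verifying, log that a save happened, not the value. The `saveErr` branch also falls through to a `200 Login successful` with `authenticated: true` even though the session was never persisted, so the client is told it is logged in while its next request will arrive anonymous; hand the error to `next` instead. The enclosing passport callback begins before this hunk (the `user.build_v` line is mid-function) and is closed by the `})(req, res, next);` at its end.
```typescript
req.session.save((saveErr) => {
  if (saveErr) {
    // A login whose session was never persisted must not be reported as a success.
    console.error("Session save error:", saveErr);
    return next(saveErr);
  }
  // Do not log the Set-Cookie header or echo req.sessionID: both expose the
  // session identifier that the httpOnly cookie is meant to keep out of reach.
  return res.status(200).send({
    done: true,
    message: "Login successful",
    user,
    authenticated: true
  });
});
```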


@@ -5,7 +5,7 @@ import { isProduction } from "../shared/utils";
// eslint-disable-next-line @typescript-eslint/no-var-requires // eslint-disable-next-line @typescript-eslint/no-var-requires
const pgSession = require("connect-pg-simple")(session); const pgSession = require("connect-pg-simple")(session);
export default session({ const sessionConfig = {
name: process.env.SESSION_NAME, name: process.env.SESSION_NAME,
secret: process.env.SESSION_SECRET || "development-secret-key", secret: process.env.SESSION_SECRET || "development-secret-key",
proxy: false, proxy: false,
@@ -18,10 +18,18 @@ export default session({
}), }),
cookie: { cookie: {
path: "/", path: "/",
// secure: isProduction(), httpOnly: true,
// httpOnly: isProduction(), // For mobile app support, we might need these settings:
// sameSite: "none", sameSite: isProduction() ? "none" as const : "lax" as const,
// domain: isProduction() ? ".worklenz.com" : undefined, secure: isProduction(), // Required when sameSite is "none"
domain: isProduction() ? ".worklenz.com" : undefined,
maxAge: 30 * 24 * 60 * 60 * 1000 // 30 days maxAge: 30 * 24 * 60 * 60 * 1000 // 30 days
} }
}); };
console.log("Session configuration:", {
...sessionConfig,
secret: "[REDACTED]"
});
export default session(sessionConfig);
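Review bot: The boot-time `console.log("Session configuration:", { ...sessionConfig, secret: "[REDACTED]" })` redacts only `secret`; the spread still prints the `store` instance, and if the `pgSession` options closed by the `}),` at the top of the second hunk (their body is outside this diff) carry a connection string or pool credentials, those land in the log at every start. Log only what a deployer needs, e.g. `console.log("Session cookie config:", { name: sessionConfig.name, cookie: sessionConfig.cookie });`. Separately, `sameSite: isProduction() ? "none" as const : "lax" as const` switches off the browser's SameSite CSRF defence in production, so every state-changing route must be covered by a CSRF token or an Origin/Referer check; a comment at that line such as `// "none" for the mobile client disables SameSite CSRF protection; CSRF tokens / Origin checks are required` would keep that trade-off visible. Finally, `proxy: false` is kept while `secure: isProduction()` is newly enabled, and in my reading of express-session's `proxy` option that makes it ignore `X-Forwarded-Proto`, so behind a TLS-terminating proxy the cookie would not be set at all; worth confirming against the deployment before this ships.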