Trouble using express.session with https

I have to use authentication and then create a session for this i have a HTTPS static website running on expressjs

Code :


//created the https server

var express = require('express');
var https = require('https');
var http = require('http');
var fs = require('fs');
var mongo = require('mongodb');
var monk = require('monk');
var db = monk('localhost:27017/svgtest1');

// This line is from the Node.js HTTPS documentation.
var options = {
  key: fs.readFileSync('privatekey.pem'),
  cert: fs.readFileSync('certificate.pem')

// Create a service (the app object is just a callback).
var app = express();

app.use(express.static(__dirname + '/public'));
app.use(express.session({cookie: { httpOnly: false , maxAge: 24*60*60*1000}, secret: '1234567890QWERT'}));

// middle ware to check auth
function checkAuth(req, res, next) {
  if (!req.session.user_id) {
    res.send('You are not authorized to view this page');
  } else {

app.get('/', function(req, res) {
  console.log('First page called');
});'/login', function(req, res) {
  console.log('login called');
  var usrfield = req.body.usrfield;
  var passfield = req.body.passfield;

    // Play with the username and password

    if (usrfield == 'xxx' && passfield == 'xxx') {
    req.session.user_id = '123';
  } else {
    res.send('Bad user/pass');


// Create an HTTPS service.
https.createServer(options, app).listen(8888);
  1. When I visits https://localhost:8888 it continuously loads the page and does not redirect to xyz.html where i have to enter the credentials to authenticate the user ?
  2. When I comment out

    app.use(express.session({cookie: { httpOnly: false , maxAge: 24*60*60*1000}, secret: '1234567890QWERT'}));

Then the page loads correctly but when i post the form to /login then it says req.session cannot be written. For this i know because i have comment out the express.session, but the strange thing is that connect.sid cookie is created. Why ?

I am confused regarding question 1 and 2.


I tried your example, and it works for me. Are you sure you're using the https protocol in the browser? By default, a browser will try to connect with HTTP protocol unless you redirect to HTTP. With your set, navigating to this URL will just spin:


However, if you navigate to this URL:


It will work as expected. Most servers that use HTTPS automatically redirect to an HTTPS connection if the user came in over HTTP, but you still have to have two servers: one accepting HTTP request, and the other accepting HTTPS requests. For example, you could do this:

// create an HTTPS service
https.createServer(options, app).listen(443);

// create HTTP service to redirect to HTTPS
    res.redirect('https://localhost:443' + req.url);

Note that if you use ports below 1024 (such as 443, which is common for HTTPS), you'll probably have to have elevated privileges depending on your server set up. In OSX/Linux, you would just do sudo node app.js. Of course you don't have to run on port 443: you could have your HTTPS server run on 8887 and your HTTP redirect server run on 8888.

Need Your Help

Ruby's ||= (or equals) in JavaScript?

javascript ruby syntax

I love Ruby's ||= mechanism. If a variable doesn't exist or is nil, then create it and set it equal to something:

Paged table with ASP.NET MVC and AJAX

jquery ajax pagination

I'm looking for good patterns for implementing a paged table of results in ASP.NET MVC with sorting, filtering, and paging provided via AJAX. It seems to me that I should have my controller actions