Random Cookies Appearing in Sessions table

[haroot]

i believe this plugin is causing these cookies to pile up in my table:

{"cookie":{"originalMaxAge":null,"expires":null,"httpOnly":true,"path":"/"},"flash":{}}

[manuel-di-iorio]

connect-session (dependency) modifies the session even if not necessary, so e.g. express-session saves the new session thinking its not uninitialized. https://github.com/jaredhanson/connect-flash/issues/33

From the saveUninitialized docs of https://github.com/expressjs/session:

The session is uninitialized when it is new but not modified.

This is a big issue, causing empty sessions to be created on page loads.

Upstream issue is here: https://github.com/RGBboy/express-flash/blob/master/lib/express-flash.js

res.locals.messages = req.flash();

[roberto-belardo]

I have the same problem. Did anybody found a solution?

[manuel-di-iorio]

@backslash451 This is the workaround, call this middleware before your routes:

export default (req, res, next) => {
  const _end = res.end;
  
  res.end = function fixExpressResponseEnd(...args) {
    // Fix for the connect-flash empty session
    // https://github.com/jaredhanson/connect-flash/issues/33
    if (req.session && !Object.keys(req.session.flash || {}).length) {
      delete req.session.flash;
    }

    _end.apply(this, args);
  };

  next();
};

[roberto-belardo]

This is great. I'll think about using it, because I already found a different solution using a custom function to "enable" flash() middleware on all routes except for a special one used for healthcheck (this was the problem in the first place, a GET request every 1 sec used to check the status of the application, that created the "almost" empty session object).