Sessions and expressSequelizeSession #1668

Closed
drochag opened this issue Feb 26, 2016 · 15 comments
@drochag
Contributor

drochag commented Feb 26, 2016

I just generated a project and, just running it with logging on from Sequelize, I get tons of queries on the Sessions table.

Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
SocketIO / [127.0.0.1:55936] DISCONNECTED
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
SocketIO / [127.0.0.1:55924] CONNECTED
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;
Executing (default): SELECT `id`, `name`, `info`, `active`, `createdAt`, `updatedAt`, `deletedAt` FROM `Things` AS `Thing` WHERE `Thing`.`deletedAt` IS NULL;
GET /api/things 304 7.847 ms - -
Executing (default): SELECT `data` FROM `Sessions` AS `Session` WHERE `Session`.`sid` = 'GHPMz67MiywlCguBD96xjfxmCd_I5YDZ' LIMIT 1;

^ All of this on a single reload on the home page

@saurabhverma2892

Same issue. Did you happen to find the reason @danmmx?

@andershagebakken

It might be the same as our issue 1597. This is becoming a problem, since the storage quota gets filled quite fast.

@drochag
Contributor Author

drochag commented May 2, 2016

I didn't, @saurabhverma2892. And probably the same issue, @andershagebakken.

@saurabhverma2892

Temporary solution:

Comment out everything related to sessions and lusca in /server/config/express.js.


/**
 * Express configuration
 */

'use strict';

import express from 'express';
import favicon from 'serve-favicon';
import morgan from 'morgan';
import compression from 'compression';
import bodyParser from 'body-parser';
import methodOverride from 'method-override';
import cookieParser from 'cookie-parser';
import errorHandler from 'errorhandler';
import path from 'path';
import lusca from 'lusca';
import config from './environment';
import passport from 'passport';
import session from 'express-session';
import sqldb from '../sqldb';
import expressSequelizeSession from 'express-sequelize-session';
var Store = expressSequelizeSession(session.Store);

export default function(app) {
  var env = app.get('env');

  app.set('views', config.root + '/server/views');
  app.engine('html', require('ejs').renderFile);
  app.set('view engine', 'html');
  app.use(compression());
  app.use(bodyParser.urlencoded({ extended: false }));
  app.use(bodyParser.json());
  app.use(methodOverride());
  app.use(cookieParser());
  app.use(passport.initialize());

  // Persist sessions with MongoStore / sequelizeStore
  // We need to enable sessions for passport-twitter because it's an
  // oauth 1.0 strategy, and Lusca depends on sessions

  /* was creating problems so disabling store */
  /*app.use(session({
    secret: config.secrets.session,
    saveUninitialized: true,
    resave: false,
    store: new Store(sqldb.sequelize)
  }));*/

  /**
   * Lusca - express server security
   * https://github.com/krakenjs/lusca
   */
  /*if ('test' !== env) {
    app.use(lusca({
      csrf: {
        angular: true
      },
      xframe: 'SAMEORIGIN',
      hsts: {
        maxAge: 31536000, //1 year, in seconds
        includeSubDomains: true,
        preload: true
      },
      xssProtection: true
    }));
  }*/

  app.set('appPath', path.join(config.root, 'client'));

  if ('production' === env) {
    app.use(favicon(path.join(config.root, 'client', 'favicon.ico')));
    app.use(express.static(app.get('appPath')));
    app.use(morgan('dev'));
  }

  if ('development' === env) {
    app.use(require('connect-livereload')());
  }

  if ('development' === env || 'test' === env) {
    app.use(express.static(path.join(config.root, '.tmp')));
    app.use(express.static(app.get('appPath')));
    app.use(morgan('dev'));
    app.use(errorHandler()); // Error handler - has to be last
  }
}

@Awk34
Member

Awk34 commented May 11, 2016

That express middleware seems to be unmaintained. Has anyone tried connect-session-sequelize?

@andershagebakken

What can I use for Mongoose?

@Awk34
Member

Awk34 commented May 11, 2016

@andershagebakken When you scaffold with the Mongo option, it will use connect-mongo

@andershagebakken

Okay. Thanks. But how can I fix the issue of the growing sessions collection as described in 1597, similar to this issue?

@mhheise
Contributor

mhheise commented May 11, 2016

@andershagebakken @Awk34 I think this issue is upstream with express-session or express-sequelize-session. Ideally, a new session should only be created if the session is used or changed, but the static middleware requests are hitting the session store, overwriting one another, and generating new sessions. The fix would be to move all of the static middleware declarations before the session middleware declaration. I can attempt a first PR for this issue soon if you would like.
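
To make the ordering argument in the comment above concrete, here is an added example (not code from the generator, from this thread, or from express-session) that models the relevant pieces with small stand-ins: a counting store in place of the Sequelize session store, a sessionMiddleware() that behaves like express-session with saveUninitialized: true, a staticMiddleware() that ends the response for known asset paths the way express.static does, and a runPipeline() dispatcher that calls middleware in app.use() order. The asset paths and the request sequence for one page load are constructed. Replaying the same page load with the session middleware before the static middleware (the generated config) and after it (the reordering proposed above) shows where the repeated SELECTs come from, and why a client that never returns the cookie grows the table by one row per asset request:

```javascript
'use strict';

// Stand-in for a Sequelize-backed session store: every get/set is one query.
class CountingStore {
  constructor() { this.queries = 0; this.rows = new Map(); }
  get(sid) { this.queries += 1; return this.rows.get(sid) || null; }
  set(sid, data) { this.queries += 1; this.rows.set(sid, data); }
}

let nextSid = 0;

// Model of express-session: every request that reaches this middleware looks
// the cookie's sid up in the store; with saveUninitialized: true a request
// without a valid session also INSERTs a brand-new row and sets a cookie.
function sessionMiddleware(store, opts) {
  return (req, res, next) => {
    const sid = req.cookies.sid;
    if (sid && store.get(sid)) {
      req.session = { id: sid };
    } else {
      req.session = { id: 'sid-' + (++nextSid) };
      if (opts.saveUninitialized) store.set(req.session.id, {});
      res.setCookie = { sid: req.session.id };
    }
    next();
  };
}

// Model of express.static: end the response for known asset paths, otherwise
// fall through. Once a middleware ends the response, nothing after it runs.
function staticMiddleware(assets) {
  return (req, res, next) => {
    if (assets.has(req.path)) { res.body = 'asset:' + req.path; return; }
    next();
  };
}

// Sequential dispatcher in the spirit of app.use().
function runPipeline(middlewares, req) {
  const res = {};
  let i = 0;
  const next = () => { const mw = middlewares[i++]; if (mw) mw(req, res, next); };
  next();
  return res;
}

// Constructed asset set and request sequence for one home-page load
// (the HTML, then the assets it references).
const ASSETS = new Set(['/app/app.js', '/app/app.css', '/bower_components/angular/angular.js']);
const PAGE_LOAD = ['/', '/app/app.js', '/app/app.css', '/bower_components/angular/angular.js'];

// Replay one page load through the chain and report store traffic.
//   order:        'session-first' reproduces the generated express.js;
//                 'static-first' is the reordering proposed in the thread.
//   keepsCookies: false models a client that never returns Set-Cookie
//                 (crawlers, uptime probes, curl), the case that fills the table.
//   existingSid:  a valid sid for a returning visitor, or null for a first visit.
function replayPageLoad(order, { keepsCookies = true, existingSid = null } = {}) {
  const store = new CountingStore();
  if (existingSid) store.rows.set(existingSid, {});
  const session = sessionMiddleware(store, { saveUninitialized: true });
  const statics = staticMiddleware(ASSETS);
  const chain = order === 'static-first' ? [statics, session] : [session, statics];

  const jar = existingSid ? { sid: existingSid } : {};   // the client's cookie jar
  for (const path of PAGE_LOAD) {
    const res = runPipeline(chain, { path, cookies: { ...jar } });
    if (res.setCookie && keepsCookies) Object.assign(jar, res.setCookie);
  }
  return { queries: store.queries, rows: store.rows.size };
}

// Returning visitor: one SELECT per request (HTML + 3 assets) vs one in total.
console.log('session-first, returning:', replayPageLoad('session-first', { existingSid: 'GHPMz67' }));
console.log('static-first,  returning:', replayPageLoad('static-first', { existingSid: 'GHPMz67' }));
// Cookie-less client: session-first INSERTs a fresh row for every asset hit.
console.log('session-first, no cookies:', replayPageLoad('session-first', { keepsCookies: false }));
console.log('static-first,  no cookies:', replayPageLoad('static-first', { keepsCookies: false }));
```

Run it with node. The first pair reproduces the log at the top of the issue: a returning visitor triggers one SELECT for the HTML plus one per asset when the session middleware runs first, and a single SELECT when static files are served first. The second pair is the growth case from issue 1597: with saveUninitialized: true, every cookie-less request that reaches express-session INSERTs a fresh row, so crawlers and uptime probes fetching assets fill the table unless static files are served before the session middleware. One caveat when reordering the real express.js: Lusca has to stay after the session middleware (its CSRF secret is kept in the session), so static responses served above it no longer carry the HSTS and X-Frame-Options headers Lusca adds. If those headers are wanted on asset responses as well, mount the header-only pieces (lusca.hsts(...), lusca.xframe(...)) ahead of express.static and keep lusca.csrf() after the session.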

@Awk34
Member

Awk34 commented May 11, 2016

I don't know yet. I haven't had any time to investigate it. As @saurabhverma2892 said, if you just comment out all of the session-related code the problem goes away (obviously). The two things that rely on sessions are Lusca (for security purposes) and Twitter OAuth (OAuth 1).

@Awk34
Member

Awk34 commented May 11, 2016

@mhheise Yes! If you can confirm that that works, PRs are always welcome! Also, you might want to test out connect-session-sequelize instead of express-sequelize-session, since the former seems to be more maintained.

@andershagebakken

Thanks for the responses @Awk34 and @mhheise. I thought the session store was required for keeping the user logged in, but if not, then I'll comment the code. I guess it is okay to implement helmet over lusca in this case?

@Awk34
Member

Awk34 commented May 11, 2016

@andershagebakken The reason for sessions is explained here as well.

I've never used Helmet, but of course you can try anything you'd like! Lusca is just provided as the default for convenience's sake.

@mhheise
Contributor

mhheise commented May 11, 2016

@Awk34 Absolutely! I will work on a PR at least for the fix with the current session packages and I can also test the connect-session-sequelize package -- if I find success there I can submit a separate PR for the change.

@Awk34
Member

Awk34 commented May 11, 2016

@mhheise awesome. Since it's a fix, make sure to branch from the 'master' branch if you get things working.

Awk34 pushed a commit that referenced this issue May 24, 2016
Fixes an upstream issue in express-session or express-sequelize-session
where static middleware requests:
- Hit the session store,
- Overwrite one another, and
- Generate many new sessions.
Fixes #1668.