express-session does not work and req.session returns undefined

Hello. As I was developing on my computer, it was working fine. But, when I transferred the files to my droplet, the express-session broke and it returns undefined. I have no code sample because every combination I did has not worked. The issue might be with the droplet (running Linux Ubuntu)

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev
Site Moderator
Site Moderator badge
January 2, 2024
Accepted Answer

Hi there,

There could be several reasons why req.session is returning undefined. Let’s go through some common troubleshooting steps that might help resolve this issue:

1. Check Node.js Versions

Ensure that the Node.js version on your DigitalOcean Droplet is the same as or compatible with the version you used on your local machine. Incompatible or outdated Node.js versions can cause unexpected behavior.

2. Verify express-session Configuration

Make sure that express-session is properly configured. A typical setup looks like this:

const session = require('express-session');

  secret: 'your-secret-key',
  resave: false,
  saveUninitialized: true,
  cookie: { secure: false } // Set to true if you are using HTTPS
  • Secret: This should be a random string to encrypt the session ID cookie.
  • Resave and SaveUninitialized: These should usually be set to false and true respectively.
  • Cookie Secure: If your Droplet is using HTTPS, set to true.

Make sure that express-session is initialized before any middleware that requires sessions. The order of middleware in Express is important.

3. Check for Any Proxy Issues

If your Droplet is behind a reverse proxy (like Nginx), you need to set trust proxy in Express:

app.set('trust proxy', 1); // Trust first proxy

This is important for secure cookies and when using HTTPS:

Besides all that, if you are still seeing the issue, are there any errors in the logs of your Node.js application or warnings? Sometimes the issue might be logged, providing clues for resolution.

What you could also try is to set up a minimal Express app with express-session on the Droplet to see if the issue persists. This can help you determine if the problem is with your app’s code or the environment.

Also one more thing that you might want to check is, if you’re using environment variables, ensure they are correctly set up on your Droplet. Missing or incorrect environment variables can lead to such issues.

Let me know how it goes!



Hello there, I spent days on a similar error, I was using passport and it just did not work. I reached out to few communities as well, could not get it to work, hence not sure about the root cause. later when I used cookies , i was not able to set it due to public suffix listing. This might have been an issue for session as well. Not sure if this is relevant here , dropping it anyway.

Hope you find it!

Site Moderator
Site Moderator badge
January 2, 2024

Heya @piootra,

There could be a couple of issues here, let’s try and go through them and see if they would help:

  1. Check Node.js Versions: Ensure that the Node.js version on your droplet is the same as or compatible with the version you used on your local machine. Differences in Node.js versions can sometimes lead to unexpected behavior.

  2. Environment Variables: If your application uses environment variables (e.g., for setting session secrets or configuration settings), ensure they are correctly set on your droplet. These variables might not be automatically transferred with your files.

  3. Install Dependencies: Make sure all dependencies, including express-session, are correctly installed on the droplet. Run npm install in your project directory to ensure all necessary packages are installed.

  4. Session Store: If you’re using a session store (like Redis, MongoDB, etc.), ensure that it’s correctly configured and accessible from your droplet. Network configurations or firewall settings could prevent your application from accessing the session store.

  5. Cross-Origin Requests: If your front-end and back-end are hosted separately, ensure that your CORS (Cross-Origin Resource Sharing) settings are correctly configured to allow requests from your front-end.

  6. Logging and Debugging: Add more logging around your session handling code to get more insights into what might be going wrong. Check the logs for any errors or warnings that might indicate the source of the problem.

  7. File Permissions: Ensure that the user running the Node.js process on your droplet has the correct permissions to access all the files and directories used by your application.

  8. Web Server Configuration: If you’re using a web server like Nginx or Apache as a reverse proxy, ensure it’s correctly configured to handle sessions. Some proxy settings can interfere with session handling.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel