Option to save session before sending response

[skoranga]

Looks like fix for #61 (901c8e0) is causing some wired race condition.
In my usecase req.session.save is calling also encrypting the data before storing. And usually it takes more little longer than non-encrypted version. Because of the async nature of session save the next request is starting most of the time before the save is complete. And this next request is fetching the old version of session.
Is there any possibility to add some flag to control the async/sync session save or any other solution?

[dougwilson]

Can you verify if you still have the problem with version 1.7.5? A change was made to mostly address that referenced commit for the case you describe.

[skoranga]

i fear i still can see the issue, but commenting out this code

session/index.js

Lines 216 to 229 in 5c503e7

	if (!isNaN(contentLength) && contentLength > 0) {
	// measure chunk
	chunk = !Buffer.isBuffer(chunk)
	? new Buffer(chunk, encoding)
	: chunk;
	encoding = undefined;
	if (chunk.length !== 0) {
	debug('split response');
	ret = _write.call(res, chunk.slice(0, chunk.length - 1));
	chunk = chunk.slice(chunk.length - 1, chunk.length);
	return ret;
	}
	}

it works fine.

[dougwilson]

Because of the async nature of session save the next request is starting most of the time before the save is complete. And this next request is fetching the old version of session.

can you explain what the "next request" is, exactly?

[skoranga]

first page is one email input and next button. The next page needs carry over of this email and more input fields. So next request is part of multipage form submission.

[dougwilson]

ok. so by "next request is starting most of the time before the save is complete" you mean that you're able to click on the next button on that page before the session has been saved to the store, is that correct? if that is the case, the solution is a feature i have been meaning to add: an option to not send any response at all until the session has been saved to the store. this will make sure that you cannot click the button until the session is in the store.

[skoranga]

yeah exactly the issue.
Thanks looking forward to this feature.

[dougwilson]

just in case you're not aware and feel like you have to wait on me, there is a work-around, which is to call req.session.save yourself and respond within that callback. for example

app.post('/', function (req, res, next) {
  // do stuff
  req.session.email = email
  req.session.save(function (err) {
    if (err) return next(err)
    res.render('page')
  })
})

[skoranga]

Excuse for late reply, but this is not really solving the issue. However I see session save happening twice.

[dougwilson]

However I see session save happening twice.

Oh, you have to set resave: false in your options if you want to use req.session.save, forgot about that, sorry!