Use expressSession instead of custom logic to create/store session ID

app.ts

@@ -18,11 +18,11 @@ import esMain from "es-main";
 import express, {Request, Response, NextFunction} from "express";
 import {expressCspHeader, INLINE, SELF, EVAL} from "express-csp-header";
 import cookieParser from "cookie-parser";
+import expressSession from "express-session";
 import {marked} from "marked";
 import {markedHighlight} from "marked-highlight";
 import {gfmHeadingId} from "marked-gfm-heading-id";
 import hljs from "highlight.js";
-import uniqueString from "unique-string";
 import expressLayouts from "express-ejs-layouts";
 import yargs from "yargs";
 import {hideBin} from "yargs/helpers";
@@ -39,6 +39,7 @@ import getSecrets from "./lib/secrets.js";
 import {Report, ReportStore, Extensions, Exposure} from "./types/types.js";
 
 type RequestWithSession = Request & {
+  session: expressSession.Session;
   sessionID: string;
 };
 
@@ -84,22 +85,6 @@ const tests = new Tests({
   httpOnly: process.env.NODE_ENV !== "production",
 });
 
-/**
- * Middleware function to handle cookie session.
- * If the 'sid' cookie is not present in the request, it sets a new 'sid' cookie using a unique string.
- * @param req - The request object.
- * @param res - The response object.
- * @param next - The next function to call in the middleware chain.
- */
-const cookieSession = (req: Request, res: Response, next: NextFunction) => {
-  (req as RequestWithSession).sessionID = req.cookies.sid;
-  if (!(req as RequestWithSession).sessionID) {
-    (req as RequestWithSession).sessionID = uniqueString();
-    res.cookie("sid", (req as RequestWithSession).sessionID);
-  }
-  next();
-};
-
 /**
  * Creates a report object based on the provided results and request.
  * @param results - The test results.
@@ -148,8 +133,15 @@ app.use(expressLayouts);
 app.set("layout extractScripts", true);
 
 // Additional config
-app.use(cookieParser());
-app.use(cookieSession);
+app.use(cookieParser(secrets.cookies));
+app.use(
+  expressSession({
+    secret: secrets.cookies,
+    resave: true,
+    saveUninitialized: true,
+    cookies: {secure: true},
+  }),
+);
 app.use(express.urlencoded({extended: true}));
 app.use(express.json({limit: "32mb"}));
 app.use(express.static("static", staticOptions));
@@ -304,7 +296,7 @@ app.post(
     }
 
     try {
-      await storage.put((req as RequestWithSession).sessionID, url, results);
+      await storage.put((req as RequestWithSession).session.id, url, results);
       res.status(201).end();
     } catch (e) {
       next(e);
@@ -313,7 +305,7 @@ app.post(
 );
 
 app.get("/api/results", async (req: Request, res: Response) => {
-  const results = await storage.getAll(req.cookies.sid);
+  const results = await storage.getAll((req as RequestWithSession).session.id);
   res.status(200).json(createReport(results, req));
 });
 
@@ -328,7 +320,7 @@ app.post("/api/browserExtensions", async (req: Request, res: Response) => {
   try {
     extData =
       ((await storage.get(
-        (req as RequestWithSession).sessionID,
+        (req as RequestWithSession).session.id,
         "extensions",
       )) as Extensions) || [];
   } catch (e) {
@@ -342,7 +334,7 @@ app.post("/api/browserExtensions", async (req: Request, res: Response) => {
 
   extData.push(...req.body);
   await storage.put(
-    (req as RequestWithSession).sessionID,
+    (req as RequestWithSession).session.id,
     "extensions",
     extData,
   );
@@ -435,7 +427,7 @@ app.get(
 // instead simply navigates to /export.
 app.all("/export", async (req: Request, res: Response, next: NextFunction) => {
   const github = !!req.body.github;
-  const results = await storage.getAll((req as RequestWithSession).sessionID);
+  const results = await storage.getAll((req as RequestWithSession).session.id);
 
   if (!results) {
     res.status(400).render("export", {

package.json

@@ -67,7 +67,6 @@
     "slugify": "1.6.6",
     "ts-node": "10.9.2",
     "ua-parser-js": "1.0.37",
-    "unique-string": "3.0.0",
     "wasm-feature-detect": "^1.6.1",
     "winston": "3.11.0",
     "yargs": "17.7.2"
@@ -120,6 +119,7 @@
     "eslint-plugin-jsdoc": "^46.9.0",
     "eslint-plugin-prefer-arrow": "1.2.3",
     "eslint-plugin-unicorn": "^49.0.0",
+    "express-session": "^1.17.3",
     "fdir": "6.1.1",
     "foreman": "^3.0.1",
     "json3": "3.3.3",

secrets.sample.json

@@ -1,4 +1,5 @@
 {
+  "cookies": "mdn-bcd-collector",
   "github": {
     "token": ""
   },

types/types.d.ts

@@ -145,6 +145,7 @@ export type InternalTestResult = TestResult & {
 };
 
 export interface Secrets {
+  cookies: string;
   github: {
     token: string;
   };