help icon indicating copy to clipboard operation
help copied to clipboard
verified publisher icon nodejs

TLS resumeSession never find saved sessionId

Open Zabrah opened this issue 3 years ago • 0 comments

Details

While experimenting with session resumption I logged id and data appearing inside newSession and resumeSession on a https server (created with https.createServer). First I was surprised, that even browsers, which supports session-keys, seems to trigger the listeners for sessionIds. Then I recognized, at every call at resumeSession, its not a key that have been previously saved with my newSession listener function, even if I used the same browser to call the website multiple times. Is there something broken inside NodeJS or is this a strange behavior of current browsers?

Tested Browsers (both on macOS 12.4): Google Chrome 102 (which should use session-keys, but still trigger newSession and resumeSession) Safari 15.5 (which does not support session-keys)

Tested NodeJS 18.2 running on OS: Fedora 36

Node.js version

18.2

Example code

//Before a https.createServer is successfully started with private-key and certificate on a valid domain

const debug = true
const tlsSess = {}
let ts = Date.now()

server443.on("newSession", (id, data, cb) => {
	console.log("HTTPS new Session-ID")
	const idB64 = id.toString("base64");
	console.log("SessionID "+idB64+" saved")
	tlsSess[idB64] = { ts, data }
	cb()
})

server443.on("resumeSession", async (id, cb) => {
	console.log("HTTPS search Session-ID")
	const idB64 = id.toString("base64")
	//The following log does never say "successfully"
	console.log("SessionID "+idB64+( tlsSess[idB64] ? "successfully" : "not" )+" found")
	cb(null, tlsSess[idB64] || null)
})

Operating system

Browsers on macOS NodeJS on Fedora 36

Scope

runtime (running https server)

Module and version

Not applicable.

Zabrah avatar Jun 03 '22 20:06 Zabrah