Express SessionID differs from SessionID in Cookie
Look at this piece of code from session middleware ( line 267 ):
var val = 's:' + signature.sign(req.sessionID, secret);
where signature.sign
function is a concatenation ( pseudo-code ):
req.sessionID + "." + hash(secret)
where hash
is a custom function ( see this for more details ).
This means that it is just a signing convention for cookies ( to make it more secure ). You can retrieve your sid by calling:
var signature = require( "cookie-signature" ), prefix = "s:";var real_sid = sid.replace( prefix, "" );real_sid = signature.unsign( real_sid, SESSION_SECRET );