connect-mysql is handling MySQL connection errors improperly, which results in application crashes.

This application can reproduce the behavior: https://github.com/jeremiahlee/mysql-issue-845

I originally filed this bug with the 'mysql' package. One of the developers helped identify the cause of this error in connect-mysql: mysqljs/mysql#845 (comment)

Apparently this requires SUPER permission on the mysql host as line 22 of connect-mysql.js has connection.query('SET GLOBAL event_scheduler = 1'); which doesn't work for a non-SUPER user.

I don't use this module any more, so it's grown quite stale.. I've tried to continue merging pull requests, but I haven't really been paying any attention to it.

Anyone that would like to take over as the maintainer, let me know here and I'd be happy to add you to the repo and on npm.

If I create a patch to take advantage of connection pooling will you merge it?

Hi,

We should update the DELETE sessions query so that it works for mysql when set it to safe mode.
This is just an fyi for those folks running in to a similar problem...
something like this would do it:

'DELETE FROM `' + TableName + '` WHERE `sid` != 0 and `expires` > 0 and `expires` < UNIX_TIMESTAMP()';

Thanks,
Jatin

The node-mysql connection pool does not (or does not always) clean up after the server terminates a connection. After long periods of inactivity, the pool can re-use connections that are already terminated. This causes the MySQLStore to throw an uncaught exception.

I am currently testing a fix at mjeffery/connect-mysql

(looks like it wasn't quite perfect...)

When the sessions table contains sessions data saved prior to the update, the JSON.parse() throws an exception which breaks sessions restoration.

I suggest these exceptions should be caught and the session 'reset', perhaps with a warning.

This specific occurrence is a transitional issue but the exception should be handled in some manner.

Thoughts?

Great starting point, but when I put a simple console in the get / set functions its
called very often, even on a simple login page... Imaging if there would be 100 users..
Is this normal behavior?

connect mysql GET: ChZVe-srbodUH1s7xrjAFu1I
start login...
connect mysql SET: ChZVe-srbodUH1s7xrjAFu1I
session.js_unmodified session
connect mysql GET: ChZVe-srbodUH1s7xrjAFu1I
connect mysql GET: ChZVe-srbodUH1s7xrjAFu1I
connect mysql SET: ChZVe-srbodUH1s7xrjAFu1I
connect mysql GET: ChZVe-srbodUH1s7xrjAFu1I
connect mysql SET: ChZVe-srbodUH1s7xrjAFu1I
connect mysql SET: ChZVe-srbodUH1s7xrjAFu1I
session.js_unmodified session
*session.js_unmodified session
session.js_unmodified session
connect mysql GET: ChZVe-srbodUH1s7xrjAFu1I
connect mysql SET: ChZVe-srbodUH1s7xrjAFu1I
*session.js***unmodified session

It seems the format of the encrypted session has changed since the last update, causing an error to be thrown if when the 'old' JSON formatted session is decrypted.

Since this is a breaking change, can we call this update version 3.0.0 instead of 2.1.3?

I was finding that pooled session queries were being lost from the session pool.

It turns out that the cleanup query is wrong (has been wrong for a while :)) but the error was not reported due to the way the scheduling occurred.

The cleanup query references the field id whereas it should reference sid.

The error is:

error { Error: ER_BAD_FIELD_ERROR: Unknown column 'id' in 'field list'
    at Query.Sequence._packetToError (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/protocol/sequences/Sequence.js:47:14)
    at Query.ErrorPacket (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/protocol/sequences/Query.js:77:18)
    at Protocol._parsePacket (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/protocol/Protocol.js:278:23)
    at Parser.write (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/protocol/Parser.js:76:12)
    at Protocol.write (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/protocol/Protocol.js:38:16)
    at Socket.<anonymous> (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/Connection.js:91:28)
    at Socket.<anonymous> (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/Connection.js:502:10)
    at Socket.emit (events.js:197:13)
    at addChunk (_stream_readable.js:288:12)
    at readableAddChunk (_stream_readable.js:269:11)
    at Socket.Readable.push (_stream_readable.js:224:10)
    at TCP.onStreamRead [as onread] (internal/stream_base_commons.js:145:17)
    --------------------
    at Protocol._enqueue (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/protocol/Protocol.js:144:48)
    at PoolConnection.query (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/Connection.js:200:25)
    at /home/ovmp/apps/ov-manufacture-planning/node_modules/connect-mysql/lib/connect-mysql.js:216:20
    at execute (/home/ovmp/apps/ov-manufacture-planning/node_modules/connect-mysql/lib/connect-mysql.js:320:11)
    at /home/ovmp/apps/ov-manufacture-planning/node_modules/connect-mysql/lib/connect-mysql.js:334:22
    at Ping.onOperationComplete (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/Pool.js:111:5)
    at Ping.<anonymous> (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/Connection.js:502:10)
    at Ping._callback (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/Connection.js:468:16)
    at Ping.Sequence.end (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/protocol/sequences/Sequence.js:83:24)
    at Ping.Sequence.OkPacket (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/protocol/sequences/Sequence.js:92:8)
    at Protocol._parsePacket (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/protocol/Protocol.js:278:23)
    at Parser.write (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/protocol/Parser.js:76:12)
    at Protocol.write (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/protocol/Protocol.js:38:16)
    at Socket.<anonymous> (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/Connection.js:91:28)
    at Socket.<anonymous> (/home/ovmp/apps/ov-manufacture-planning/node_modules/mysql/lib/Connection.js:502:10)
    at Socket.emit (events.js:197:13)
    at addChunk (_stream_readable.js:288:12)
    at readableAddChunk (_stream_readable.js:269:11)
    at Socket.Readable.push (_stream_readable.js:224:10)
    at TCP.onStreamRead [as onread] (internal/stream_base_commons.js:145:17)
  code: 'ER_BAD_FIELD_ERROR',
  errno: 1054,
  sqlMessage: "Unknown column 'id' in 'field list'",
  sqlState: '42S22',
  index: 0,
  sql:
   'DELETE FROM `sessions` WHERE id IN (SELECT temp.id FROM (SELECT `id` FROM `sessions` WHERE `expires` > 0 AND `expires` < UNIX_TIMESTAMP()) AS temp);' }

PR to follow.

I just switched over to connect-mysql (~0.4.0) from connect-mongo and noticed that I was getting logged out unpredictably.

Did some investigation and it looked like rows in the sessions table were disappearing. Looking at it a bit more it looks like the 'expires' column is being set to 0 and then I found this in connect-mysql:

var cleanupQuery = 'DELETE FROM `' + TableName + '` WHERE `expires` < UNIX_TIMESTAMP()';

I haven't had a chance to fully debug this but if I'm not mistaken it looks like maybe the cleanup query run every 15 minutes may be removing my sessions?

I'm using express v3.4.0. I know I can disable cleanup but I was wondering if there is something else going on here? Perhaps you're not expecting the expires column to be 0 ?

Anyway, I hope that's helpful. Let me know if you want me to provide more info.

hi , I tried to use your module with "express": "~4.0.0" , it gave the following error and crashed , works fine with express 3.x .

Error: Most middleware (like session) is no longer bundled with Express and must
 be installed separately. Please see https://github.com/senchalabs/connect#middleware.
    at Function.Object.defineProperty.get (C:\w\zbigo\node_modules\express\lib\express.js:89:13)
    at module.exports (C:\w\zbigo\node_modules\connect-mysql\lib\connect-mysql.js:19:24)
    at Object.<anonymous> (C:\w\zbigo\nsc.js:22:44)
    at Module._compile (module.js:456:26)
    at Object.Module._extensions..js (module.js:474:10)
    at Module.load (module.js:356:32)
    at Function.Module._load (module.js:312:12)
    at Module.require (module.js:364:17)
    at require (module.js:380:17)
    at Object.<anonymous> (C:\w\zbigo\https.js:20:11)
DEBUG: Program node https.js exited with code 8

the code used :

var express = require('express')            //http://expressjs.com
,app = express()
, _e_cookieParser=require('cookie-parser')    //https://github.com/expressjs/cookie-parser
, _e_expressSession=require('express-session')  //https://github.com/expressjs/session
, _e_expressSStore=require('connect-mysql')(express) //https://github.com/nlf/connect-mysql
, mysql = require('mysql')                      //https://github.com/felixge/node-mysql
, pool  = mysql.createPool(conf.db)
app.use(_e_cookieParser());
app.use(_e_expressSession({secret:'--mysecret--',store:new _e_expressSStore({pool:mspool})}));

Many installations of MySQL distributed databases turn off events. As such, you cannot run the command in line 10:

CREATE EVENT IF NOT EXISTS sess_cleanup ON SCHEDULE EVERY 15 MINUTE DO DELETE FROM sessions WHERE expires < UNIX_TIMESTAMP()

When using connect-mysql in Node 8.9.3 I see following warning in the console:

(node:15214) Warning: Use Cipheriv for counter mode of aes-256-ctr

By default sailsjs has options to store sessions in mongodb, redis or memory. But since I'm using MySQL I wanted to store the session also in MySQL.

I tried connect-mysql and in the end I managed to do it, but I had to make some little changes to the code.

First MySQLStore.prototype.query has this.config and this.mysql available at the top of the function, but not inside retry so I did what is also done with pool and initialized config and mysql as variables after pool = this pool.

When trying to log out my server crashed saying undefined is not a function. The culprit is also in MySQLStore.prototype.query, callback(null, value);. To fix that I wrapped it in an if (isFunction(callback)){}

I also have a patch and I hope I can attach it to a comment cause I can't now.

If the user doesn't have permission to create the cleanup event in MySQL, then we should fall back to scheduling the cleanup in node.

See #12 for discussion.

I've been having trouble getting this to work with Express 4.12.3, and then I noticed there hasn't been any updates in over a year. Which got me thinking, does this library support Express 4?

I'm passing the Sequelize object to the client option. The queries works but the Sequelize uses a different event handler ( with success and error chained ). Do you plan to support it?