Well, not really, since this happens _only_ when nginx is used.
I and other people use Express sessions and they work, but in my case nginx somehow breaks them. The fact that session becomes flaky with introduction of nginx doesn't mean Express is broken, it means that nginx introduces some change that affects session.
On the backend, sessions stored in Redis.
Looking at my config - does nginx pass all the headers from browser and backend to each other? Maybe it modifies them somehow? Connect.session, that Express uses (https://github.com/senchalabs/connect/blob/master/lib/middleware/session.js) uses this for fingerprinting:
---
function defaultFingerprint(req) {
var ua = req.headers['user-agent'] || '';
return ua.replace(/;?\schromeframe\/[\d\.]+/, '');
};
---
and gets existing session like so:
---
// get the sessionID from the cookie
req.sessionID = req.cookies[key];
---
So, can it be that nginx constantly modifies UA or filters out cookies? Or anything else?