I notice that some of the project will use redis store and express session to save the user session
For example:
const session = require('express-session');
var redis = require("redis");
var redisStore = require('connect-redis')(session);
var client = redis.createClient();
var app = express();
app.use(session({
secret: 'scret',
store: new redisStore({
host: '127.0.0.1',
port: 6379,
client: client,
ttl : 7200
}),
saveUninitialized: true,
// rolling: false,
resave: true,
cookie: {
maxAge: 2 * 60 * 60 * 1000
}
}));
What is the reason that we need to use these two Session Management function at the same time?
express-session can be set up with different "stores" to save session data.
MemoryStore comes with the package express-session.
The authors of express-session warn about this default store.
Warning The default server-side session storage, MemoryStore, is
purposely not designed for a production environment. It will leak
memory under most conditions, does not scale past a single process,
and is meant for debugging and developing.
Redis is one of the compatible session stores and in this case is used "as a replacement" of a default store.
Question: How can I confirm that the session values from my simple node.js test app are being stored in Redis?
Backstory: I am hosting this app on a Digital Ocean server running Centos. Redis is installed on the server and I confirmed that it was turned on using the ping command. With the app running I checked the / endpoint in Chrome and the route fired as expected. Everything seems fine but how do I check to see if Redis is actually storing the session values?
$ redis-cli ping // PONG
app.js
const express = require('express');
const session = require('express-session');
const redis = require('redis');
const RedisStore = require('connect-redis')(session);
const app = express();
const redisClient = redis.createClient();
const PORT = 8080;
app.set('view engine', 'ejs');
app.use(session({
name: 'randomWord',
resave: false,
saveUninitialized: false,
secret: 'superSecretKey',
store: new RedisStore({ client: redisClient }),
cookie: {
sameSite: true,
secure: false,
}
}));
app.get('/', function(req, res, next) {
req.session.counter += 1;
res.render('index', { output: req.session.counter });
});
app.listen(PORT, () => console.log( `app listening on port ${PORT}` ));
from index.ejs
<h1><%= output %></h1>
There's multiple ways to verify it, but probably the simpler is to connect to your Redis instance and have a look at the commands going through. An example:
$ redis-cli
$ monitor
With the monitor command, Redis will print every single command reaching the server. With your Express server up and running, try logging in, or whatever action triggers a session creation in your system. Watch the logs printed by the monitor command, and you'll easily be able to tell whether the sessions are being stored in Redis.
For further validation, stop the Express instance and run it again; you should still have the session available, as it's not stored in memory, but instead using Redis.
I'm trying to use socket.io-redis to scale my app on Heroku to 2 dynos (or more). Here is my code (where config.redis is just an object housing RedisToGo port, host, and pass values):
var redisApp = require('redis');
var redis = require('socket.io-redis');
if(process.env.NODE_ENV === 'production') {
var socketpub = redisApp.createClient(config.redis.port, config.redis.host, {auth_pass: config.redis.pass, return_buffers: true});
var socketsub = redisApp.createClient(config.redis.port, config.redis.host, {auth_pass: config.redis.pass, detect_buffers: true});
var client = redisApp.createClient(config.redis.port, config.redis.host, {auth_pass: config.redis.pass, return_buffers: true});
socketio.adapter(redis({
pubClient: socketpub,
subClient: socketsub,
redisClient: client
}));
}
On the client side I have:
var ioSocket = io('', {
path: '/socket.io-client',
'force new connection': true,
transports: ['websocket']
});
..so socket.io doesn't try to use polling.
I also have the right Heroku env vars configured for RedisToGo (REDISTOGO_HOST,
REDISTOGO_PASS, REDISTOGO_PORT).
When we're scaled to 1 dyno, the socket behavior is perfect. At 2 dynos, the behavior is way off - requests are being randomly made to either 1 dyno or the other, and the socket events being emitted are sent only to clients running on the dyno to which the request was made and not all (which socket.io-redis & RedisToGo should be taking care of).
Any thoughts would be greatly appreciated!
not sure if this helps you but I am using in this way redis and socketio and it is working good.
var redis = require('redis').createClient;
var adapter = require('socket.io-redis');
var port = config.redistogo.port;
var host = config.redistogo.host;
var pub = redis(port, host, {
auth_pass: auth_pass
});
var sub = redis(port, host, {
detect_buffers: true,
auth_pass: auth_pass
});
io.adapter(adapter({
pubClient: pub,
subClient: sub
}));
I am trying to integrate Redis sessions into my authentication system written in Node.js.
I have been able to successfully set up Redis server, connect-redis and Express server.
Here is my setup (just the important bit):
var express = require("express");
var RedisStore = require("connect-redis")(express);
var redis = require("redis").createClient();
app.use(express.cookieParser());
app.use(express.session({
secret: "thisismysecretkey",
store: new RedisStore({ host: 'localhost', port: 6379, client: redis })
}));
Now... How do I actually create, read and destroy the session? I am aware that that is probably extremely simple. I have read tons of articles on how to setup connect-redis and many questions here on SO, but I swear each one stops on just the configuration and does not explain how to actually use it...
That should be all there is to it. You access the session in your route handlers via req.session. The sessions are created, saved, and destroyed automatically.
If you need to manually create a new session for a user, call req.session.regenerate().
If you need to save it manually, you can call req.session.save().
If you need to destroy it manually, you can call req.session.destroy().
See the Connect documentation for the full list of methods and properties.
Consider this code.
var express = require('express');
var redis = require("redis");
var session = require('express-session');
var redisStore = require('connect-redis')(session);
var bodyParser = require('body-parser');
var client = redis.createClient();
var app = express();
app.set('views', __dirname + '/views');
app.engine('html', require('ejs').renderFile);
app.use(session({
secret: 'ssshhhhh',
// create new redis store.
store: new redisStore({ host: 'localhost', port: 6379, client: client,ttl : 260}),
saveUninitialized: false,
resave: false
}));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.get('/',function(req,res){
// create new session object.
if(req.session.key) {
// if email key is sent redirect.
res.redirect('/admin');
} else {
// else go to home page.
res.render('index.html');
}
});
app.post('/login',function(req,res){
// when user login set the key to redis.
req.session.key=req.body.email;
res.end('done');
});
app.get('/logout',function(req,res){
req.session.destroy(function(err){
if(err){
console.log(err);
} else {
res.redirect('/');
}
});
});
app.listen(3000,function(){
console.log("App Started on PORT 3000");
});
So you need to install connect-redis and pass your express-session instance to it.
Then in middleware initialize redisStore with server details like this.
app.use(session({
secret: 'ssshhhhh',
// create new redis store.
store: new redisStore({ host: 'localhost', port: 6379, client: client,ttl : 260}),
saveUninitialized: false,
resave: false
}));
I put ttl to 260, you can increase. After TTL reaches its limits, it will automatically delete the redis key.
In routers you can use req.session variable to SET, EDIT or DESTROY the session.
One more thing...
If you want custom cookie i.e not as same as in your Redis store you can use cookie-parser to set cookie secrets.
Hope it helps.
link : https://codeforgeek.com/2015/07/using-redis-to-handle-session-in-node-js/
You can also use the Redis monitor tool to see all the action in real time! When you refresh your app you will see the data appear in the console window.
redis-cli monitor
Sample Output for Sessions using tj/connect-redis
1538704759.924701 [0 unix:/tmp/redis.sock] "expire" "sess:F9x-YgbgXu1g7RG8tFlkwY3RV0JzHgCh" "3600"
1538704759.131285 [0 unix:/tmp/redis.sock] "get" "sess:F9x-YgbgXu1g7RG8tFlkwY3RV0JzHgCh"
1538704787.179318 [0 unix:/tmp/redis.sock] "set" "sess:Hl3LPbOBdKO44SG4zQHFn2gfdiWTwzWW" "{\"cookie\":{\"originalMaxAge\":3600000,\"expires\":\"2018-10-05T02:59:47.178Z\",\"secure\":true,\"httpOnly\":true,\"domain\":\".indospace.io\",\"path\":\"/\"},\"path\":\"/\",\"userAgent\":{\"family\":\"NewRelicPingerBot\",\"major\":\"1\",\"minor\":\"0\",\"patch\":\"0\",\"device\":{\"family\":\"Other\",\"major\":\"0\",\"minor\":\"0\",\"patch\":\"0\"},\"os\":{\"family\":\"Other\",\"major\":\"0\",\"minor\":\"0\",\"patch\":\"0\"}},\"ip\":\"184.73.237.85\",\"page_not_found_count\":0,\"city\":\"Ashburn\",\"state\":\"VA\",\"city_state\":\"Ashburn, VA\",\"zip\":\"20149\",\"latitude\":39.0481,\"longitude\":-77.4728,\"country\":\"US\"}" "EX" "3599"
1538704787.179318 [0 unix:/tmp/redis.sock] "set" "sess:Hl3LPbOBdKO44SG4zQHFn2gfdiWTwzWW" "{\"cookie\":{\"originalMaxAge\":3600000,\"expires\":\"2018-10-05T02:59:47.178Z\",\"secure\":true,\"httpOnly\":true,\"domain\":\".indospace.io\",\"path\":\"/\"},\"path\":\"/\",\"userAgent\":{\"family\":\"NewRelicPingerBot\",\"major\":\"1\",\"minor\":\"0\",\"patch\":\"0\",\"device\":{\"family\":\"Other\",\"major\":\"0\",\"minor\":\"0\",\"patch\":\"0\"},\"os\":{\"family\":\"Other\",\"major\":\"0\",\"minor\":\"0\",\"patch\":\"0\"}},\"ip\":\"184.73.237.85\",\"page_not_found_count\":0,\"city\":\"Ashburn\",\"state\":\"VA\",\"city_state\":\"Ashburn, VA\",\"zip\":\"20149\",\"latitude\":39.0481,\"longitude\":-77.4728,\"country\":\"US\"}" "EX" "3599"
I am using redis for session in my node.js express app. It works fine on my dev box, but on production, it seems redis sessions are not being saved.
I'm not seeing any kind of error, other than I cannot login.
Redis is running w/ same configuration. But when I run redis-cli and type 'select 1' (the db) and KEYS '*' I get nothing.
var RedisStore = require('connect-redis')(express);
app.use(express.session({
store: new RedisStore({
host: cfg.redis.host,
db: cfg.redis.db
}),
secret: 'sauce'
}));
cfg.redis.host is localhost
and cfg.redis.db is 1
This is the error I get when I run redis-cli monitor
Error: Protocol error, got "s" as reply type byte
A few suggestions. Are you sure Redis uses the same port and password in production? If you're using SSL with a service like Heroku, you need to set proxy: true to have Express treat cookies that arrive after after earlier SSL termination.
.use(express.session({
store: new RedisStore({
port: config.redisPort,
host: config.redisHost,
db: config.redisDatabase,
pass: config.redisPassword}),
secret: 'sauce',
proxy: true,
cookie: { secure: true }
}))
I require the following config.js file to pass on Redis config values:
var url = require('url')
var config = {};
var redisUrl;
if (typeof(process.env.REDISTOGO_URL) != 'undefined') {
redisUrl = url.parse(process.env.REDISTOGO_URL);
}
else redisUrl = url.parse('redis://:#127.0.0.1:6379/0');
config.redisProtocol = redisUrl.protocol.substr(0, redisUrl.protocol.length - 1); // Remove trailing ':'
config.redisUsername = redisUrl.auth.split(':')[0];
config.redisPassword = redisUrl.auth.split(':')[1];
config.redisHost = redisUrl.hostname;
config.redisPort = redisUrl.port;
config.redisDatabase = redisUrl.path.substring(1);
console.log('Using Redis store ' + config.redisDatabase)
module.exports = config;