Code:
Express.js
'use strict';
module.exports = function(app, io, server) {
var express = require('express');
var bodyParser = require('body-parser');
var methodOverride = require('method-override');
app.use(bodyParser.json({ type: 'application/vnd.api+json' }));
app.use(bodyParser.urlencoded({ extended: true }));
app.use(methodOverride('X-HTTP-Method-Override'));
// Redis
const redis = require('./utils/redis.js')();
app.set('redis', redis);
let isSessionCreated = false;
app.use('*', (req, res, next) => {
if(!isSessionCreated) {
isSessionCreated = true;
require('./middleware/sessionConfig.js')(app);
next();
}
});
// Passport
require('./middleware/passport.js')(app);
// Start Socket
require('./middleware/startSocket')(app, io);
app.use(express.static(__dirname + '/public'));
app.use(express.static(__dirname + '/dist'));
// Start Webpack
require('./webpack/startWebpack.js')(app);
// routes ==================================================
require('./routes/routes')(app); // configure our routes
require('../config/webpack.dev.js');
}
redis.js
'use strict';
const redis = require('redis'),
session = require('express-session'),
redisStore = require('connect-redis')(session),
redisClient = redis.createClient(),
uuid = require('uuid'),
cookieParser = require('cookie-parser');
module.exports = function() {
console.log('Redis started');
// Connects to Redis Store
const sessionStore = new redisStore({
host: '127.0.0.1',
port: 6379,
client: redisClient,
ttl : 3600000
});
redisClient.on('error', (err)=> {
console.log('could not connect ', err);
});
// Checks for Redis Connection
redisClient.on('connect', ()=> {
console.log('redis connected');
});
return {
set: function(obj) {
console.log('set called: ', obj);
redisClient.set(obj.id, obj.token);
},
sessionStore
}
}
sessionConfig.js
'use strict';
module.exports = function(app) {
const cookieParser = require('cookie-parser'),
session = require('express-session'),
uuid = require('uuid');
// Sets up Express Session
app.use(cookieParser());
console.log('session created');
let redis = app.get('redis');
app.use(session({
name: 'irelief',
secret: 'irelief',
store: redis.sessionStore,
cookie: {
cookieName: 'xyz',
httpOnly: false,
secret: 'irelief',
secure: false,
maxAge: 360000000
},
genid: function(req) {
return uuid.v4();
},
saveUninitialized: false,
resave: true,
rolling: true
}));
}
OUTPUT OF req.session on app.get('/', (req, res))
session: Session {
cookie:
{ path: '/',
_expires: 2017-07-30T22:38:34.653Z,
originalMaxAge: 360000000,
httpOnly: false,
cookieName: 'xyz',
secret: 'irelief',
secure: false } }
I have tried all that was said across any communities, nothing helps so far.
The same problem persists with passport.js
Any help will be awesome
Related
I know this question or similar was raised but I didn't find anything fitting to my case.
I've got login controller where I create session and its variables. Then in another controller (e.g. app.js) I want to check if user data were passed successfully. And... it's undefined. Session exists but not its variables.
Below I'm pasting some code, I hope it will clear up.
Why is this happening?
Note: cookie: { secure: false } is not working.
Edit: I've found similar question here but is it possible to resolve this without using Passport?
login.js
module.exports.login = (req, res) => {
/*some login code */
const loggedUserData = {
id: userID,
email: userEmail,
};
req.session.userData = loggedUserData;
res.json({
status: true,
userData: req.session.userData,
});
console.log(req.session.userData.id); //it's defined
};
app.js
module.exports.app = (req, res) => {
console.log(req.cookies["sid"]); //displays hash of session
console.log(req.session.id); //also it has session id, it's fine
console.log(req.session.userData); //but here is undefined
console.log(req.session.userData.id); //and here it's blowing up because `Cannot read property 'id' of undefined`
};
server.js
const express = require("express");
const session = require("express-session");
const bodyParser = require("body-parser");
const cors = require("cors");
const cookieParser = require("cookie-parser");
const loginController = require("./controllers/login");
const appController = require("./controllers/app");
const { PORT = 4001, NODE_ENV = "development", SESS_NAME = "sid", SESS_SECRET = "123", SESS_LIFETIME = null } = process.env;
const IN_PROD = NODE_ENV === "production" ? true : false;
const app = express();
app.set("query parser", "simple");
app.use(cors({ origin: true, credentials: true }));
app.use(express.static("./"));
app.use(express.json({ limit: "1mb" }));
app.use(bodyParser.urlencoded({ extended: true }));
app.use(cookieParser());
app.use(
session({
secret: SESS_SECRET,
resave: true,
saveUninitialized: false,
name: SESS_NAME,
cookie: {
httpOnly: true,
secure: false,
sameSite: true,
secure: IN_PROD,
maxAge: SESS_LIFETIME,
},
})
);
app.get("/", appController.app);
app.post("/login", loginController.login);
app.listen(PORT, () => `Server listening on ${PORT} port`);
Trying to get sessions set up with Redis. I have my Redis DB in a dokku container, linked to my app (also in a dokku container). I keep getting a session undefined.I've stripped things back to the bare minimum, also checked the order in which things are run. I still get an undefined.
I've read here 'session' is undefined when using express / redis for session store and Express js session undefined to no avail.
I shouldn't need to use cookie-parser, as expression-session has cookie stuff in it, and the docs say cookie-parser can cause problems with expression-session.
var express = require('express');
var session = require('express-session');
var redisStore = require('connect-redis')(session);
var bodyParser = require('body-parser');
var app = express();
app.set('port', (process.env.PORT || 5000));
var redisURL = 'redis://xxxxx:1234567#bar-redis-foo:6379';
var store = new redisStore({ url: redisURL });
app.use(session({
secret: 'ssshhhhh',
store: store,
saveUninitialized: true,
resave: true
}));
app.use(express.static(__dirname + '/public'));
app.use(bodyParser.json()); // to support JSON-encoded bodies
app.use(bodyParser.urlencoded({ // to support URL-encoded bodies
extended: true
}));
app.get('/', function(req, res, next) {
console.log(req.session); // Logs Undefined
res.send('Hello');
});
Check your redis connection and run again. Sample code is following line.
"use strict";
const express = require("express");
const bodyParser = require("body-parser");
const session = require("express-session");
const RedisStore = require("connect-redis")(session);
const app = express();
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: false}));
app.use(session({
secret: "$kx(Fj$uB!Ug!#jCkguFmc6f7t<c-e$9",
resave: false,
saveUninitialized: true,
store: new RedisStore({
url: "redis://:********#pub-redis-12766.eu-central-1-1.1.ec2.redislabs.com:12766",
ttl: 5 * 60 // 5 minute (Session store time)
})
}));
app.use(function (request, response, next) {
let path = request.originalUrl;
if (request.session.user) {
request.session.reload(function (err) { //session expire time regenerate
if (!err) {
next();
} else {
response.redirect('/login');
}
});
} else {
if (path == '/login') {
next();
} else {
response.redirect('/login');
}
}
});
app.get('/', function(request, response) {
if (request.session.user) {
response.send(request.session.user);
} else {
response.redirect("/login");
}
});
app.get('/login', function(request, response) {
if (request.session.user) {
response.redirect("/");
} else {
request.session.user = {username: "halil"}; //custom key {user} and custom data {username: "halil"}
}
response.send('Login');
});
app.get('/logout', function(request, response) {
if (request.session.user) {
request.session.destroy();
response.redirect("/login");
} else {
response.redirect("/login");
}
});
app.listen(app.get('port'), function () {
console.log('App is working on port: ' + app.get('port'));
});
I am currently working on a basic app where a user needs to authenticate (with passportJS) and then send a message to my server with socket.io. Here is the nodeJS code:
var express = require('express');
var path = require('path');
var favicon = require('serve-favicon');
var logger = require('morgan');
var cookieParser = require('cookie-parser');
var bodyParser = require('body-parser');
var expressSession = require('express-session');
var mongoose = require('mongoose');
var passport = require('passport');
var LocalStrategy = require('passport-local').Strategy;
var routes = require('./routes/index');
var api = require('./api/index');
var auth = require('./routes/auth');
var session = expressSession({secret: 'mySecret', resave: true, saveUninitialized: true});
var port = normalizePort(process.env.PORT || '3000');
var app = express();
var server = require('http').createServer(app);
var io = require('socket.io')(server);
var sharedsession = require('express-socket.io-session');
// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
app.set('port', port);
//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(session);
app.use(passport.initialize());
app.use(passport.session());
app.use(express.static(path.join(__dirname, 'public')));
app.use('/bower_components', express.static(path.join(__dirname, 'bower_components')));
app.use('/', routes);
app.use('/api', api);
app.use('/auth', auth);
// passport config
var User = require('./models/user');
passport.use(new LocalStrategy({
usernameField: 'email'
}, User.authenticate()));
passport.use(require('./strategies/facebook'));
passport.use(require('./strategies/google'));
passport.serializeUser(function(user, done) {
done(null, { id: user._id });
});
passport.deserializeUser(function(obj, done) {
done(null, obj);
});
io.use(sharedsession(session, {
autoSave:true
}));
io.on('connection', function(socket) {
console.log('user connected');
console.log(socket.handshake.session);
socket.on('message-new', function(data) {
console.log('receiving message to create');
console.log(socket.handshake.session);
});
socket.on('disconnect', function() {
console.log('user disconnected');
});
});
server.listen(port);
So as you can see I use express-socket.io-session to be able to access the session in my socket and it is supposed to be the same than req.session. So at first when a user is connected to the socket.io (but not authenticated), his socket.handshake.session is equal to req.session so:
Session {
cookie:
{ path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true } }
once he authenticates, req.session becomes:
cookie:
{ path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true },
passport: { user: { id: 56a13e58150f42fc29b44b7a } } }
but when I emit a message-new from the client and that it displays socket.handshake.session, it is still equals to
Session {
cookie:
{ path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true } }
So the socket's session was not updated when req.session was. How can I change this behavior? I need to be able to know in my socket if the user is connected or not...
Inside your event listener 'new message' you can tell the session to reload, the docs don't explicitly say this, but it shares some of the same methods with the express-session
Inside your event listener you can tell session to reload
socket.handshake.session.reload(function(err) {
// this will give you the update session info
}
With the 'express-session' you can use the same method as in the docs
I am implementing a MongoStore for use in session storage within my Node.js/Express application, however it looks as if none of the sessions are actually being stored in the database. (The MongoDB does not even have the db.session).
Socket.io 'authorization' takes the incoming data, and crosschecks the sent sessionID, however it keeps returning empty.
Hope someone could shed some light on any issues?
var express = require('express');
var bodyParser=require('body-parser');
var cookieParser = require('cookie-parser');
var session = require('express-session');
var MongoStore = require('connect-mongo')(session);
var utils = require("express/node_modules/connect/lib/utils");
var parseSignedCookie = utils.parseSignedCookie;
var cookie = require('cookie');
var app = express();
app.use(bodyParser());
app.use(cookieParser());
var sessionStore = new MongoStore({
db: 'express',
host: 'localhost',
port: 27018,
collection: 'session',
auto_reconnect:true
});
app.use(session({
cookie: { maxAge: 5000 } ,
secret: "session secret",
store: sessionStore
}));
function checkSession(req,res,next){
if(req.session.user){
next();
}
else {
req.session.error = "Get Outta here!";
res.redirect('/');
}
}
app.get('/', function(req, res){
res.sendfile('./index.html');
});
app.post('/',function(req,res){
if(req.body.name){
req.session.user=req.body.name;
res.redirect('/info');
}
else {
req.session.error = "Auth Failure";
res.redirect('back');
}
});
app.get('/info', checkSession, function(req,res){
if(req.headers.cookie){
var session_id = utils.parseSignedCookie(req.headers.cookie, 'session secret');
console.log(session_id);
console.log("true");
res.sendfile('./info.html');
}
else {
console.log("false");
res.redirect('/');
}
});
var http = require('http').Server(app);
http.listen(80, function(){
console.log('listening on *:80');
});
var io = require('socket.io').listen(http);
You're not using your sessionStore anywhere. Try this:
app.use(session({
store: sessionStore,
cookie: { maxAge: 5000 } ,
secret: "session secret"
}));
I'm using express and socket.io and I want to share the express session between the two, with each one being on a different Node instance (localhost:3000 and localhost:8000). So far, express will create the session and the cookie created, however socket.io only picks up the 'io' cookie, not the express cookie. Can anyone show mw here my error is? I'm using express 4.x and socket.io 1.x.
Express config (localhost:3000):
var cookieParser = require('cookie-parser')
, session = require('express-session')
, bodyParser = require('body-parser')
, express = require('express')
, redis = require('redis')
, RedisStore = require('connect-redis')(session);
module.exports = function (app, passport) {
app.use(express.static('./static'))
app.use(cookieParser("thisismynewsecret"));
app.use(session({
//passport: passport,
name: 'sid',
//key: 'express.sid',
secret: 'thisismynewsecret',
saveUinitialized: true,
resave: true,
store: new RedisStore({ client: redis.createClient() }),
cookie: {
httpOnly: true,
path: '/',
secure: false
}
}));
app.use(passport.initialize());
app.use(passport.session());
// all environments
app.set('port', process.env.PORT || 3000)
app.set('views', './views')
app.set('view engine', 'jade')
app.use(bodyParser.json());
app.use(bodyParser.urlencoded());
app.use(require('method-override')());
app.use( require('express-subdomain-handler')({ baseUrl: 'localhost', prefix: 'myprefix', logger: true }) );
}
});
socket.io (localhost:8000):
var fs = require('fs');
var session = require('express-session');
var cookie = require('cookie');
var cookieParser = require('cookie-parser');
var sessionStore = require('connect-redis')(session);
var server = require('http').Server(function(req, res) {
fs.readFile(__dirname + '/views/JAMinit.html', function(error, content) {
if (error) {
res.writeHead(500);
res.end();
}
else {
res.writeHead(200, { 'Content-Type': 'text/html' });
res.end(content, 'utf-8');
}
});
}).listen(8000);
var io = require('socket.io')(server);
io.use(function(socket, next) {
var data = socket.handshake || socket.request;
if (data.headers.cookie) {
data.cookie = cookie.parse(cookieParser.signedCookie(data.headers.cookie, 'thisismynewsecret'));
console.log(data.cookie);
console.log('data.cookies ( %s )', JSON.stringify(data.cookie));
if (data.cookie.sid) {
data.sid = data.headers.cookie.sid;
sessionStore.get(data.headers.cookie.sid, function(err, session) {
data.session = session;
});
}
}
next();
});
Check out express.io, it combines express and socket.io and has automatic session support.