Cookie not setting on non secure connection express-session - node.js

I'm using express-session for my app. Cookies are set and users are authorised when deployed on Heroku, which by default serves the app on a secure connection. When working locally on localhost with a non-HTTPS connection, the session is not initialised, thus causing me to get a 401 back every time. I cannot find any answers for this. My code is as follows:
app.use(session({
  name: consts.SESSION_COOKIE_NAME,
  secret: consts.SECRET_KEY,
  saveUninitialized: false,
  resave: true,
  cookie: {
    httpOnly: true,
    secure: false
  }
}));

Related

How do I authenticate users to sites in different domains?

I have a Node.js API on api.com that authenticates users based on sessions. How can I save a session from the API on api.com to client.com?
For example, I'm going to send a request from client.com to api.com and add a session cookie to client.com from the API on api.com.
My session settings:
app.use(session({
  secret: process.env.SECRET,
  resave: false,
  saveUninitialized: false,
  store
}))

Cookies for domain and subdomain with passport.js

Basically, I have a sign-in form running on AUTH.domain.com, and I create a session (saved in a cookie) for the logged-in users. Then I redirect the user to APP.domain.com, and I need his session to be passed also to this subdomain, but we can't figure out how to do that.
Authorization works with passport.js, and the session is set from passport.js.
I tried setting the domain option on the cookies middleware and setting res.sessionOption.domain = '.domain.com'. But this does work.
app.use(cookiesession({
  secret: 'secretstring',
  saveUninitialized: false,
  resave: true,
  domain: '.domain.com'
}));
app.use(passport.initialize());
app.use(passport.session());
req.sessionOptions.domain = '.domain.com';
Try setting the domain to domain.com (note the omission of the preceding .)!

Cookie session is not stored on nodejs

I have been working on a MERN stack application. I tried to create a login module for my application, so I have used Google authentication on the server side using passportjs. Everything works well when I use localhost, but when my app is running on an AWS server, nodejs does not store my cookie session, so passport deserializeUser does not work, while passport serializeUser works fine.
* My React app is running on a DigitalOcean server.
* My node app is running on an AWS server.
API call in my React app:
axios.get(url, { withCredentials: true }).then((response) => {
  console.log('login:', response.data)
}).catch((e) => {
  console.log('error:', e)
})
Session settings in my node app:
router.use(cookieParser());
router.use(session({
  secret: 'keyboard cat',
  cookie: { maxAge: 24 * 60 * 60 * 1000 },
  resave: true,
  saveUninitialized: false
}));
router.use(passport.initialize());
router.use(passport.session());
Cookie session and passport session are stored and working fine when the app is running on my localhost.

Passport.js not setting session on different domain request

I am using the passport.js local strategy for login but am not able to set the session. I have two servers, i.e. localhost:3000 is for node and the other is localhost:4200. Here I want to set the session on a request from localhost:4200.
How is your session configured?
Here's an example of how you can do it.
app.use(session({
  secret: 'some secret that must not be explicit in code',
  saveUninitialized: true,
  resave: true,
  store: new MongoStore({
    mongooseConnection: mongoose.connection
  })
}))

Express default sessions and load balancers

If I am using the default express session store with the same keys on different web servers behind a load balancer, will I need sticky sessions for them to work?
app.use(session({
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: true
}));
Or will I have to use a persistent store like Redis? I do not want to use sticky sessions.
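
For the load-balancer question above, an added example (not part of the original post and not express-session's own code) that models two instances sharing one signing secret: the cookie signature verifies on either instance, but session data kept in per-process memory is only found on the instance that created it. Instance, sign, unsign and the Map-based stores are hypothetical stand-ins, and the cookie format is a simplification.

```javascript
// Added example: simplified model, not express-session's implementation.
// Instance, sign, unsign and the Map-based stores are hypothetical stand-ins.
const crypto = require('crypto');
const SECRET = 'keyboard cat'; // same secret on every instance, as in the question

// Cookie value is "<sid>.<HMAC-SHA256 of sid>", so any instance holding SECRET can verify it.
function sign(sid, secret) {
  const mac = crypto.createHmac('sha256', secret).update(sid).digest('hex');
  return `${sid}.${mac}`;
}

// Returns the session id if the signature is valid, otherwise null.
function unsign(cookie, secret) {
  const sid = cookie.slice(0, cookie.lastIndexOf('.'));
  const expected = Buffer.from(sign(sid, secret));
  const given = Buffer.from(cookie);
  const ok = expected.length === given.length && crypto.timingSafeEqual(expected, given);
  return ok ? sid : null;
}

class Instance {
  constructor(store) { this.store = store; } // store: Map of sid -> session data
  login(user) {
    const sid = crypto.randomBytes(16).toString('hex');
    this.store.set(sid, { user });
    return sign(sid, SECRET);
  }
  whoami(cookie) {
    const sid = unsign(cookie, SECRET);
    if (sid === null) return 'bad-signature';
    const session = this.store.get(sid);
    return session ? session.user : 'no-session';
  }
}

// Round-robin without sticky sessions: login hits instance 0, the next request hits instance 1.
function roundTrip(instances) {
  const cookie = instances[0].login('alice');
  return instances[1].whoami(cookie);
}

// Each process has its own in-memory store (the default MemoryStore situation).
function perProcessStores() { return roundTrip([new Instance(new Map()), new Instance(new Map())]); }
// Both instances use one external store (a single Map as a stand-in for e.g. Redis).
function sharedStore() {
  const shared = new Map();
  return roundTrip([new Instance(shared), new Instance(shared)]);
}
console.log(perProcessStores(), sharedStore()); // no-session alice
```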