I'm using connect-mongo to store PassportJS sessions.
My conf in server.js is:
app.use(session({
name: 'Example',
secret:'exampleasd',
saveUninitialized: false,
resave: false,
cookie: { maxAge: 1000*60*60*2 },
store: new MongoStore({
url: 'mongodb://localhost/example',
host: 'localhost',
collection: 'user-sessions',
autoReconnect: true,
clear_interval: 3600
})
}));
My problem is that when I update the users data like the username or email I have to logout and login to get the changes.
I've already tried with req.session.save and req.session.reload, no luck.
Can I update session fields without logout?
Thanks!
You have to use req.user to properly update req.session.passsport.user so:
if you want to change the username just do:
req.user.username = newUsername;
req.session.save(function(err){
//msg here
});
Related
How to differentiate whether the session expired or is it the first time logging in.
I am setting the session like this and storing the data in express-mysql-session.
const sessionStore = new MySQLStore({}, connection);
// session
const adminSession = session({
secret: process.env.ADMIN_SECRET,
resave: false,
saveUninitialized: false,
store: sessionStore,
name: "adminSession",
cookie: {
maxAge: 600000,
secure: false,
},
});
app.use("/api/admin", adminSession, adminRoutes);
//admin login
app.post("/api/admin/login",(req,res)=>{
req.session.adminAuthenticated = true;
});
By simply checking if there is req.session.adminAuthenticated, I can know if admin is logged in or not. But how can I know if the admin had already logged in earlier but the session expired.
Any help with this.
I have a server that has its own domain and is using HTTPS. I have a website that has its own domain and is using HTTPS as well.
On the home page of the website, there is a login button and a sign up button. Both buttons lead to forms to execute their respective tasks, and both forms send requests to the server that respond with cookies, or at least that's what they are supposed to do.
I am using express-session in combination with Redis to store the session ids. Here is the config for that (connectToRedis is simply a function that returns a RedisClient):
const RedisStore = connectRedis(session);
const redisClient = await connectToRedis();
app.use(
session({
store: new RedisStore({
client: redisClient,
}),
cookie: {
httpOnly: true,
secure: true,
sameSite: "lax",
maxAge: TEN_YEARS,
},
resave: false,
saveUninitialized: false,
secret: SECRET,
name: AUTH_COOKIE,
})
);
For some reason the cookies are not being sent in the requests. The Set-Cookie header isn't even showing up! I tried changing SameSite to none (article), but that didn't work.
This is my first time deploying a production website, so all this HTTPS stuff is kind of new to me.
Thanks for your help, and if you need any extra information, please let me know.
IMPORTANT UPDATE:
Finally, I have made some progress (all it took was a pizza break).
I added the path key to my cookie config and gave it the value of /. I also set proxy to true.
So now it looks like this:
const RedisStore = connectRedis(session);
const redisClient = await connectToRedis();
app.use(
session({
store: new RedisStore({
client: redisClient,
}),
cookie: {
httpOnly: true,
secure: true,
sameSite: "none",
maxAge: TEN_YEARS,
path: "/",
},
resave: false,
saveUninitialized: false,
secret: SECRET,
name: AUTH_COOKIE,
proxy: true,
})
);
With this, the cookie is finally appearing in the requests, but it isn't being set in the browser...
I am generating custom session IDs using the genid function with express-session and connect-mongo:
app.use(session({
store: new MongoStore({
mongooseConnection: db,
clear_interval: 60
}),
secret: 'someSecret',
name: 'secret',
genid: function(req){
return uuid4();
},
resave: false,
saveUninitialized: false,
cookie: {
httpOnly: true,
sameSite: true,
maxAge: 60*1000
}
}));
Id generated by uuid4(), I know that it has uniqueness, but not always, I want to know 100% that there is no such ID in the database, I want to check every time this ID is generated, whether such ID already exists in the database. I dug the whole Internet, but did not find anything about how to check that a session with such an ID already exists. I would like to implement it in genid function, like this:
genid: function(req){
let newID = uuid4();
//check if a session with this `newID` exists in the database
}
I don't know how to access the session ring generated by connect-mongo. Sorry for my English. I would be grateful if someone could help! :)
I am using node js with express also mongoDb using.. When I loggedIn the session storing into sessions collection(table) like below
{_id: "1233..",session : "{ "cookie" : { "originalMaxAge" : null , "expire3s" : null, "httpOnly" : "true", "path": "/"} }, expires : 2020-03-27 }
But I am trying to achieve how many browsers/device loggedIn same user at the same time.. How we can store user details like user-id or email store into session table?
If i stored those details then I will get the total count of the records to the particular user.. Or have any best approach to do this..
import session from 'express-session';
import passport from 'passport';
app.use(passport.initialize());
app.use(session({
secret: config.secrets.session,
saveUninitialized: true,
resave: false,
store: new MongoStore({
mongooseConnection: mongoose.connection,
db: 'test'
})
}));
I am having a problem with sessions across sub-domains
I use connect mongo like so:
app.use(session({ // req.session is populated
secret: 'xxxxxx',
saveUninitialized: true,
resave: true,
store: new MongoStore({
db: 'nnn'
}),
cookie: {
path: '/',
maxAge: new Date(Date.now() + time),
domain : 'mydomain.com' ,
httpOnly: true
}
}));
However, when I redirect to a subdomain xyz.mydomian.com the session is invalidated. Can anyone recommend a strategy for getting cross domain login to work with connect-mongo ?