I use node express 4.0 to implement a message code verify function.
I use session to store the msg code I send.
I set up the session middleware as dos said:
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({
extended: false
}));
app.use(cookieParser());
app.use(session({secret:'ssssss'}));
app.use(express.static(path.join(__dirname, 'public')));
app.use('/uploads', express.static(path.join(__dirname, 'uploads/temp')));
but when I use post method get the msg code, I found that the session didn't set successfully.
Like this code below:
router.post('/msgCode', function(req, res) {
req.session.test = 'test';
// request send msg code api then response
}
when I repost this router I found that the req.session.test is undefined.
then I try this in another router:
router.get('/sendMsgTest', function(req, res) {
req.session.test = 'test';
res.json({
status:0
})
}
every time I request sendMsgTest, I can get req.session.test. And when I request another get method, I can get req.session.test value successfully.
So why is it my post method didn't work?
I had the same issue. I've been using fetch for requests and it does not send cookies by default, so I got different cookie ids for GET and POST requests. The solution was:
fetch(url, {
credentials: 'same-origin' // or 'include'
});
See https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials for more info.
you just try the session.save() , and in express 4 you must mention "resave" ,"saveUninitialized"
var session = require('express-session');
app.use(session({secret: 'keyboard cat', resave: false, saveUninitialized: true,cookie: { path: '/', httpOnly: true, maxAge: 30 * 30000 },rolling: true}));
router.post('/savesession', function (req, res) {
req.session.user = 'user';
req.session.save()
res.json(req.session.user);
});
router.get('/getsession', function (req, res) {
res.json(req.session.user);
});
You don't mention how you're calling the POST route. Are you sending the session cookie along with the POST request? Also, what type of response is the POST method returning?
(in app.js)
var session = require('express-session');
app.use(session({
secret: 'sooper_secret',
resave: false,
saveUninitialized: false
}));
(in routes/index.js)
router.post('/post', function (req, res) {
req.session.test = 'test';
res.json({success: true});
});
router.get('/get', function (req, res) {
const results = {
sessionData: req.session.test || 'session data not found'
};
res.json(results);
});
(command line)
% curl -X POST localhost:3000/post --cookie-jar test.cookie
% {"success":true}
% curl localhost:3000/get --cookie test.cookie
% {"sessionData":"test"}
Related
I'm trying to create an API with express that I will access using a React front end. I'm having a hard time figuring out how to handle authentication using express-session.
I used the middleware like follows:
var corsOptions = {
credentials: true,
origin: 'http://localhost:3000'
}
app.use(cors(corsOptions));
app.use(session({
secret: 'dfgdfbgbdfgd',
saveUninitialized: false,
resave: false,
cookie: {
secure: false
}
}));
Here is the Log in route (the local_auth middleware is just checking if the credentials are correct):
AccountRouter.post('/login', local_auth, (req, res) => {
req.session.user_id = req.user._id;
return res.status(200).send('Connected');
});
After loging in, I try to access the following route from React to check if the session is operational:
AccountRouter.get('/authcheck', (req, res) => {
let sess = req.session.user_id;
console.log(sess);
if (sess) return res.status(200);
else return res.status(404).send('pffff');
});
req.session is undefined.
The front end code is just a simple axios request to the above url. I have no idea if I have to save the cookie to localStorage and send each for each request.
Here is the request to the authcheck route:
axios.get('http://localhost:5000/api/accounts/authcheck', {withCredentials: true})
.then((response) => {
console.log(response);
})
.catch(() => {
console.log('waaah va te connecter');
});
And the login request:
const data = {
'email': e.target.email.value,
'password': e.target.password.value
};
axios.post('http://localhost:5000/api/accounts/login', data)
.then((response) => {
const sessionID = response.data;
console.log(sessionID);
});
req.session is undefined.
If req.session is undefined, then you are apparently trying to use the session in a route that is defined BEFORE this middleware code:
app.use(session({
secret: 'dfgdfbgbdfgd',
saveUninitialized: false,
resave: false,
cookie: {
secure: false
}
}));
has had a chance to run. When req.session is undefined, that means the session code has not yet run. Even if you had a cookie issue that causes a prior session to get lost, you would still have a new empty req.session if the session middleware had already run.
So, since you don't show the overall order of all your routes, we can't offer a specific fix, but it appears that this:
AccountRouter.get('/authcheck, ...)
is running before your session middleware which is a problem for any route that depends upon the session.
I'm using the passport.js local strategy.
I was testing it under proxy setting, localhost.
Things worked fine until I prepare to deploy.
I changed the API address to include dotenv and set CORS settings on the server-side.
When trying to login, CORS works fine, OPTIONS and the POST get 200 ok. The client receives the success data. cookie saved in client.
But when auth checking process runs right after Redux "isLoggedin" state is updated(useEffect), req.session doesn't
t have the passport object. So deserializeUser not be called. The session contains other cookie info except for Passport.
This one is only on Firefox(not Chrome): Page will be redirected if the login auth succeeded(it checks right after login redux state changed), but since it's failed, the user stays on the login page still. But if I try to login on the same page again, the cookie start to show the passport object.(in other words, it shows from 2nd attempt). But it doesn't persist because the Redux login state has been changed to true at the first login attempt already.(so Auth checking doesn't occur.)
client:
Axios.post(
`${process.env.REACT_APP_API_URI}/api/users/login`,
loginData,
{ withCredentials: true, }
).then((res) => res.data){
//save isLoggedin to true in Redux
}
// auth check logic starts right after changing isLoggedin. Axios Get to authenticateCheck
server.js
app.use(helmet());
// app.use(express.static('public'));
app.use("/uploads", express.static("uploads"));
// Passport configuration.
require("./utils/passport");
// connect to mongoDB
mongoose
.connect(db.mongoURI, {
useNewUrlParser: true,
useUnifiedTopology: true,
useCreateIndex: true,
useFindAndModify: false,
})
.then(() => console.log("mongoDB is connected."))
.catch((err) => console.log(err));
// CORS Middleware
const corsOptions = {
origin: "http://localhost:8000",
optionsSuccessStatus: 200, // some legacy browsers (IE11, various SmartTVs) choke on 204
credentials: true,
methods: ["POST", "GET", "DELETE", "PUT", "PATCH", "OPTIONS"],
allowedHeaders:
"Origin, X-Requested-With, X-AUTHENTICATION, X-IP, Content-Type, Accept, x-access-token",
};
// app.use(cors(corsOptions));
app.options(/\.*/, cors(corsOptions), function (req, res) {
return res.sendStatus(200);
});
app.all("*", cors(corsOptions), function (req, res, next) {
next();
});
// to get json data
// support parsing of application/json type post data
app.use(express.json());
app.use((req, res, next) => {
req.requestTime = new Date().toISOString();
next();
});
//support parsing of application/x-www-form-urlencoded post data
app.use(express.urlencoded({ extended: true }));
app.use(cookieParser());
// db session store
const sessionStore = new MongoStore({
mongoUrl: db.mongoURI,
collection: "sessions",
});
// tell app to use cookie
app.use(
session({
secret: process.env.SESSION_SECRET_KEY,
resave: false,
saveUninitialized: false,
store: sessionStore,
cookie: {
httpOnly: true,
secure: false,
sameSite:"none",
maxAge: 24 * 60 * 60 * 1000, // 24 hours
//keys: [process.env.COOKIE_ENCRYPTION_KEY]
},
name: "pm-user",
})
);
// tell passport to make use of cookies to handle authentication
app.use(passport.initialize());
app.use(passport.session());
app.use(compression());
app.use(flash());
app.use((req, res, next) => {
console.log("req.session:", req.session);
// console.log('/////// req: ///////', req);
console.log("////// req.user: ", req.user, " //////");
next();
});
//---------------- END OF MIDDLEWARE ---------------------//
authController:
exports.authenticateCheck = (req, res, next) => {
console.log("req.isAuthenticated():", req.isAuthenticated());
if (req.isAuthenticated()) {
return next();
} else {
return res.json({
isAuth: false,
error: true,
});
}
};
It would be a really big help if you can advise me where to look to fix it.
Thanks.
I found the solution finally.
It was because the session was renewed every time when a new request starts other than a login request.
The solution was, I had to add { withCredentials: true } to every Axios option in my frontend.
I created two post api in nodejs one is login and another one is dashboard api. I want to send the email, role data from login api to dashboard api.Can anyone give me the solution for this problem?Advance Thankyou for your answer.
var express = require("express");
var session = require("express-session");
var bodyParser = require("body-parser");
var app = express();
app.engine('html', require('ejs').renderFile);
app.use(session({
secret: 'JILLU',
cookie:{maxAge:60*60*24*1000},
resave: false,
saveUninitialized: false
}));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.post('/login',function(req,res,next){
var ses = req.session;
ses.id=req.session.id;
ses.email=req.body.mailid;
ses.role=req.body.role;
console.log(ses.id);
res.redirect(307,'/dashboard');
});
app.post('/dashboard',function(req,res){
console.log("dashboard");
if(ses.email) {
console.log("email is a live");
console.log(ses.email);
console.log(ses.role);
console.log(ses.id);
res.write(ses.email);
res.write(ses.role);
} else {
console.log("login first");
res.render(__dirname+"/mailrequest.html");
}
});
app.listen(8086,function(){
console.log("App Started on PORT 8086");
});
This should work,
// '/login'
app.post('/login',function(req,res,next){
var ses = req.session;
ses.email=req.body.mailid;
ses.role=req.body.role;
console.log(ses.id);
res.redirect(307,'/dashboard');
});
// '/dashboard'
app.post('/dashboard',function(req,res){
console.log("dashboard");
if(req.session.email) {
console.log("email is a live");
console.log(req.session.email);
console.log(req.session.role);
console.log(req.session.id);
res.write(req.session.email);
res.write(req.session.role);
} else {
console.log("login first");
res.render(__dirname+"/mailrequest.html");
}
});
The problem was that the variable ses was local and was undefined in '/dashboard' route whereas session is an object of the req(request) object.
And I suggest you to use http get request for dashboard instead of post.
I'm trying to learn how express session is used. I wrote the following code. When I visit the /session route from Postman, every time it shows following in console:
not set
vikaskumar
What I expect is vikaskumar only, after first request. I guess it is saving this string in session but not storing in memory store. But as per docs, the memory store is default, so it should save it automatically?
Here's the code:
app.use(session({
secret: 'keyboard cat',
resave: false,
saveUninitialized: true
}));
app.use(function (req, res, next) {
var views = req.session.username;
if (!views) {
console.log("not set");
req.session.username = 'vikaskumar';
}
next();
});
app.get("/session", function(req, res){
console.log(req.session.username);
res.write(req.session.username);
res.end();
});
As mentioned in the comments, you need to use Postman Interceptor for cookies to work with Postman.
In Node.js / MongoDB I want to create an easy session and give it to another page so I can know if a user is logged in or not. I want to know if he/she can access the page or not. How can I do this?
How do I set a session and how do I get the value to check if I have to redirect the user?
Use Express.js session.
It's also worth taking a look at Passport.js which makes implementing authentication in Node.js really easy.
Express.js session example:
var express = require('express');
var session = require('express-session');
var app = express();
// Make sure this is defined before any of your routes
// that make use of the session.
app.use(session({
secret: 'keyboard cat',
cookie: { maxAge: 60000 },
resave: false,
saveUninitialized: false
}));
// Access the session as req.session
app.get('/login', function(req, res) {
req.session.user = 1;
res.end('User 1 is logged in, please go to the /discussion page.');
});
app.get('/discussion', function(req, res) {
var sess = req.session;
if (typeof sess.user === 'undefined') {
res.redirect('/login');
} else {
res.setHeader('Content-Type', 'text/html');
res.write('<p>user: ' + sess.user + '</p>');
res.write('<p>expires in: ' + (sess.cookie.maxAge / 1000) + 's</p>');
res.end();
}
});