This is giving me a huge headache, the CSRF cookie is working correctly but I've seemed to have broken something and cannot get the sessions to start. Any help would be appreciated.
EDIT: I forgot to mention, I am using Nginx as a reverse proxy server which is forwarding to my Node server which is accepting all requests from Nginx with HTTPS, as I heard you need to in order to have secure sessions.
var express = require('express'),
path = require('path'),
cookieParser = require('cookie-parser'),
session = require('cookie-session'),
csrf = require('csurf'),
bodyParser = require('body-parser');
var app = express();
app.enable('trust proxy', 1);
app.use(session({
secret: 'supersecret!',
name: 'session_id'
}));
app.use(cookieParser('supersecret!'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
I fixed the issue just so everyone knows, very simple actually.
I switched to express-session and set it up as it says in the docs and now everything is working perfectly! Thanks for the help everyone!
Related
there I am trying to store cookies using the post method using nodejs, cookies are not stored on the browser end currently node server is running on localhost 3001 and react server is running on port 3000
the code what I have written mentioned below
Can anybody please suggest me to fix the issue
const express = require("express")
const app= express()
const cookieParser = require('cookie-parser');
const cors = require("cors")
const port = process.env.port || 3001
app.use(cors())
app.use(express.json())
app.post("/names",async(req, res)=>{
console.log("Ho")
res.cookie("auth","nagendran")
res.json({msg:"Hello"})
})
Edit: Looks like cross origin requests needs quite some work to get cookies right. Take a look here.
Set cookies for cross origin requests
It is unclear what are the correct configuration parameters to use are in the situation of using Redis Cloud and Heroku, and can't find a functioning example online.
Here is my current code:
const express = require('express')
const session = require('express-session')
const RedisStore = require('connect-redis')(session);
...
const server = express()
server.use(bodyParser.json())
server.use(bodyParser.urlencoded({ extended: false }))
server.use(cookieParser())
server.use(session({
secret: token_secret,
// create new redis store.
store: new RedisStore({ url: 'redis://rediscloud:...#...redislabs.com:11111'}),
resave: true,
saveUninitialized: true
}));
Should I have resave and saveUnitialized set to true or false in the case of Redis Cloud and Heroku as the session store (using express-session)?
Additionally, does the cookieParser affect the session and need to be there? Or is that separate and only to parse the cookie that is coming from the client, and unrelated to the server-side session storage with Redis? Also, should the cookie parser have a secret passed into the function?
And finally, should bodyParser come before or after the server.use(session), and should urlencoded extended be set to true or false?
Let's go by parts, as Jack the Ripper said...
It is unclear what are the correct configuration parameters to use are
in the situation of using Redis Cloud and Heroku, and can't find a
functioning example online.
RedisCloud on Heroku (Node Express Example) # GitHub
Should I have resave and saveUnitialized set to true or false in the
case of Redis Cloud and Heroku as the session store (using
express-session)?
app.use(expressSession({resave: false, saveUninitialized: false})) reduces the number of times the session store will be accessed. This benefits hardware resources and performance (Normally is better to set them to false).
Additionally, does the cookieParser affect the session and need to be
there?
Not anymore : express-session middleware, used to require cookie-parser, (but the current version of express-session reads/writes cookies directly).
And finally, should bodyParser come before or after the
server.use(session)
The body-parser middleware parses the bodies of incoming HTTP requests. Populating the req.body property which is then available in your routes and middlewares. So the order doesn't influence the behaviour.
and should urlencoded extended be set to true or
false?
The parsers you will need depend on the request types your server has to deal with.
The difference regarding extended: false and extended: true is already explained in this answer.
I am developing a website heavily embedded with user authentication (using passport). I also have nodemon reloading the server after each server change. However it is quite tedious to have to log in as a user each time to test a new change. Is there a way to avoid having to constantly log in as a user to test every single new server change? I can not find any npm modules that fake a persistent user or solve the problem. Thanks!
The Answer - If you are in a similar situation use this code.
Came back with a solution that works, so for anyone who sees this post in the future. This is how you get simple persistent user authentication. With passport. This assumes you have strategies in place already, and as just tring to make the users stay after server restarts.
var bodyParser = require('body-parser')
var mongoose = require('mongoose');
var session = require('express-session');
var cookieParser = require('cookie-parser');
const MongoStore = require('connect-mongo')(session);
app.use(session({
resave: true,
saveUninitialized: true,
secret: 'add-secret',
store: new MongoStore({
url: process.env.MONGODB_URI || "mongodb://localhost/add-url",
autoReconnect: true,
clear_interval: 3600
})
}));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
Yup - it sounds like that's EXACTLY what you want: a "mock authentication" module (for testing purposes only).
Here are two possibilities; you might also consider writing your own:
passport-stub
passport-mocked
I've been looking for authentication in nodeJs. I've looked at PassportJs and Everyauth. Both of them had old documentation and old version of express used. Things that depreciated in express 4+.
app.use(express.cookieParser());
app.use(express.bodyParser());
I had a look at this question, which had nice answers. But had no success implementing them on PassportJs or Everyauth. So does anyone know an method to implement this ? or can anyone give me an authentication tutorial for express 4+ nodeJs authentication ?
Should work like this:
var bodyParser = require('body-parser'),
cookieParser = require('cookie-parser'),
express = require('express'),
session = require('express-session'),
passport = require('passport');
var app = express();
app.use(cookieParser());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.use(session({
secret: 'secrit cat',
resave: true,
saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());
Scotch.io has updated its tutorial series "Easy node authentication" :
These are the changes regarding passport :
• Easy node authentication with ExpressJS 4.0
I am giving a look at the node.js web framework Locomotive. Since it is built on top of Express, I suppose Connect middleware should be easily accessible, but I can't find out how.
I added 2 lines to config/environments/all.js:
this.use(express.cookieParser());
this.use(express.session({ secret: 'keyboard cat'}));
Where is the session object now?
I found out by myself. It was quite easy:
var express = require('express');
var sess = express.session;