i am using express framework, in my requirement have to maintain a login server and content server, a user can login from one server and then searching the content's from other server.
any best idea to implement this concept? and please share, how to share the user's data while connecting or redirecting to another server?
If you are creation sessions on logging, then you can session across multiple node process/servers using extenal session store service.
Search on Express session stores.
You can store session on mongodb/redis or any other.
Redis Session Store example : http://blog.arisetyo.com/?p=492
Related
I'm new to whole authentication/authorization part in web development. Specifically JWT. So I came across a medium post explaining the fundamentals of JWT. There was a diagram which showed how the web server and authentication server had no direct communication, AFTER a JWT token had been issued by the authentication server.
So, my 3 questions are:
What's the difference between the authentication server and the web server?
Is the authentication server, the database server?
And, since you are going to take user data(e.g password/username) from the
client(browser/user), to which server do you write the code to? authentication or web?
Because NodeJS/Express allows you to write the app server code right?
1 - An auth server is usually part of a microservice architecture, if you do not have to scale you can have a simple authentification middleware in your web server.
2 - The auth server is a server usually part of a microservice architecture which role is to authentificate requests and act as a gateway to the rest of the microservices.
3 - Depends if you want to scale or not. If you want to separate auth and the rest of the apis, there are multiple ways to scale.
Hope it helps =)
What's the difference between the authentication server and the web server?
These are two separate servers. Two different programs, potentially running on two (or more) different machines. With different purposes and responsibilities.
Is the authentication server, the database server?
No. For all you know the auth server may not use db at all. For example it can store all the data directly in files, or even in memory. Although, in practice there will be some db behind it. Auth server is just a server with a special purpose: user authentication (as the name suggests).
And, since you are going to take user data(e.g password/username) from the client(browser/user), to which server do you write the code to? authentication or web? Because NodeJS/Express allows you to write the app server code right?
Write code? Both? Depends on whether you implement the auth server by yourself or not. I'm not sure I get that question.
The point is that user credentials should be send to the auth server and the auth server is responsible for validation, secure storage and token issuing. So that other servers (in particular the one you call "web") don't have to worry about it.
I have multiple front-end & back-end apps running on different subdomains of the same domain. On the main front-end app I want to build a thing to switch between subdomains but also keep the session.
I've tried to:
use express-session
do some tricks with the JWT authentication
localStorage is not going to work as it is persistent on only 1 URL
but still can't figure out:
Is it possible to have a session shared across multiple subdomains?
What is the best solution to have a shared session across multiple subdomains?
The technologies I use:
Front-end: React JS
Back-end: Node & Express JS
To share sessions across sub-domains, you need to configure two things.
You need the proper cookie settings for the session cookie so that the browser will send the same session cookie to both sub-domains. This involves setting the domain attribute on the cookie to the root domain. You can set this in the cookie options for the express-session configuration.
You need to make sure that the server for each sub-domain has access to the same session store. If it's actually the same server for each sub-domain, then that's easy. But, if it's a different server, then you will need a shared session store, using some type of shared database (redis, mongodb, etc...). There are session store implementations for many different databases.
Luckily we're working on same project these days with with Nextjs as frontend and nodejs express as backend API.
We use cookies to manage the session on sub domains.
But to maintain the session on sub domains we use middleware in nextjs which on every page check for the session using token and user id.
On login send token, userid as parameters in url based on which user data get from api and saved that subdomain.
On logout removing cookies and sending paramter to tell the main domain to remove the saved cookies which completely clean the session.
This is how we maintain the auth session on multiple domains.
Hope this will helps.
If you find other way better then this i would like to know.
I have some 30 different applications written in node js (expessjs). I am building single login for all, if user login into one app then he can access all other apps with one session, I am sharing session secret on all apps for that,
Problem is req.session is now shared with all apps, if any app store anything in session for local use of that app is also share will all apps,
I want to resolve this problem something like two sessions etc one can be shared will all apps and one for local use of that app.
Anyone have any idea please share.
Module used
express-session, cookie-parsor, redis-store
[MODIFIED]
Local data also need persistent, since few apps have multiple instances.
First case is session flash data
Second case is user permission details
Thanks
I have several apps with node.js & passport using oauth (openstreetmap oauth).
e.g.
domain.com/app1
domain.com/app2
There is a proxy distributing the requests to each app.
I have tried to use the same secret & key in both apps, but as soon as I open one app, I have to login again.
I store the session with connect-pg-simple.
What could be an approach to use the oauth login and "session" from both app? Of course both apps needs the sessions to store additional data.
Would it be a solution to have a shared session table (every app has his own postgres database) ? but i assume this can result in merging data problems, when both apps want to update the store ?
My idea is to provide several small node.js / postgres apps, not depending on each other, but using the same comfortable oauth login.
I'm planning on making an android application that sends user data to a web server and stores it temporarily in a database. Now I've never worked with databases or web servers before, but after reading a bunch of tutorials and a few days of hacking away I managed to get a node.js server with mongodb up and running on the openshift platform.
Right now anyone can interact with the database just by sending a GET request or even just pulling up the url in a browser. Is there a way to prevent that by happening or would I have to maybe encrypt the data myself before storing it?
You describe a typical web application using REST APIs. To secure it, do two things:
Deploy your REST APIs (or the entire site) using HTTPS instead of HTTP. This provides end to end encryption so your sensitive data cannot be viewed while in transit
Add an authentication and authorization mechanism, so that only authenticated endpoints can access your REST APIs.