If I am using the default express session store with the same keys on different web servers behind a load-balancer will I need sticky sessions for them to work?
app.use(session({
secret: 'keyboard cat',
resave: false,
saveUninitialized: true
}));
Or will I have to use a persistent store like Redis? I do not want to use sticky sessions.
Related
I have a Node.js API on api.com that authenticates users based on Sessions. How can I save session from api in api.com to client.com?
For example; I'm going to send a request from client.com to api.com and add a session cookie to client.com from the api on api.com.
My session settings;
app.use(session({
secret: process.env.SECRET,
resave: false,
saveUninitialized: false,
store
}))
i'm working on micro services with express js with express-session set up like this:
server.use(session({
name: 'apps',
resave: false,
saveUninitialized: false,
secret: 'secretToken',
cookie: {
sameSite: false,
secure: false, // true
httpOnly: false, // false
}
}));
i apply the same setup with all services.
but then it's only work with just only one services. other services can't share the same data from other service, i'm putting access token in the req.session to let other apps having the same access token.
Is there a way for me to let different service using the same session?
The default server-side session storage is MemoryStore. Which means each service store the session data on their own process. Memory cannot be shared between different processes.
In order for microservices to share session data, we need separate storage, such as connect-redis, connect-mongo.
All microservices connect the redis or database server and use them as session data storage when initializing express-session middleware.
Workflow:
Client send HTTP request(with session id stored in a cookie) => Service A or Service B or Service C => express-session get the session data from redis or database by session-id => do your things.
Basically, I have a sign-in form, running on AUTH.domain.com and I create a session (saved in cookie) for the logged users. Then I redirect the user to APP.domain.com, and I need his session to be passed also to this subdomain, but we can't figure, how to do that.
Authorization works with passport.js, and session set from passport.js
I tried set domain option on cookies middleware and set res.sessionOption.domain = '.domain.com'. But this does work.
app.use(cookiesession({
secret: 'secretstring',
saveUninitialized: false,
resave: true,
domain: '.domain.com'
}));
app.use(passport.initialize());
app.use(passport.session());
req.sessionOptions.domain = '.domain.com';
Try setting the domain to domain.com (note the omission of the preceding .)!
I am using passport.js local strategy for login but not being able to set session. I have two servers i.e. localhost:3000 is for node and another is localhost:4200. Here I want to set session on request from localhost:4200.
How your session is configured ??
Here's an example of how you can do it.
app.use(session({
secret: 'some secret that must not be explicit in code',
saveUninitialized: true,
resave: true,
store: new MongoStore({
mongooseConnection: mongoose.connection
})
}))
I'm using express-session for my app. Cookies are set and users are authorised when deployed on Heroku which by default serves the app on a secure connection. When working locally on localhost with a non https connection the session is not initialised thus causing me to get a 401 back everytime. I cannot find any answers for this. My code is as follows:
app.use(session({
name: consts.SESSION_COOKIE_NAME,
secret: consts.SECRET_KEY,
saveUninitialized: false,
resave: true,
cookie:{
httpOnly: true,
secure: false
}
}));