Develop Reference

How to set up mongoose and connect-mongo?

I had an Error setting TTL error when starting my application in express. Maybe the problem is because I use for sessions and for db operations the same database through different connections.
So it there a specific sequence of requiring connect-mongo and mongoose that needs to be respected if I want to store my sessions in mongodb via the connect-mongo middleware and use mongo as my database for my app specific data?
Currently my app looks like this:
App.app.use(express.session({
store: new MongoStore({
db: settings.cookie.db,
host: settings.cookie.host,
port: settings.cookie.port
}),
secret: settings.cookie.secret
}))
and later I set start the connection for mongo:
function connect(connectionString) {
mongoose.connect(connectionString)
var db = mongoose.connection
db.on('error', console.error.bind(console, 'connection error'))
db.once('open', function callbck() {
console.log('Mongoose connected at: ', connectionString)
})
}
There are no error logs apart
Also how do I tear down properly mongo connections when I close my app (from command line let's say)? For this question I found the answer here I think.

First of all i've created a sessionStore module
var mongoose = require('mongoose'),
express = require('express'),
MongoStore = require('connect-mongo')(express),
sessionStore = new MongoStore({mongoose_connection: mongoose.connection});
module.exports = sessionStore;
Then i've included it into app
sessionStore = require('libs/sessionStore');
And finaly
app.use(express.session({
secret: config.get('session:secret'),
key: config.get('session:key'),
cookie: config.get('session:cookie'),
store: sessionStore
}));
That's config
"session": {
"secret": "secret",
"key": "connect.sid",
"cookie": {
"path": "/",
"httpOnly": true,
"maxAge": null
}
},

req.session undefined with Redis/Express

I switched from memorystore to using Redis and I also use MongoDB locally.
Similar posts that I have read are not relevant or helpfull.
Basicly, if the router function try's to set a value to req.session the node app shuts down.
I am new to Redis, so maybe it is something obvious that I don't see?
// in app
var app = express();
var cookieParser = express.cookieParser('secret');
app.configure(function () {
app.use(express.bodyParser());
app.use(cookieParser);
app.use(express.session({secret: 'secret', store: othermodule.getSessionStore()}));
// othermodule
var RedisStore = require('connect-redis')(express);
var sessionStore = new RedisStore({
host: 'localhost',
port: 6379,
db: 2,
pass: 'RedisPASS'});
thanks

Try removing the password in your options you pass to RedisStore.
If you want you can require the clients to give a password when connecting. But by default no password is required for clients to connect. If no password is required and you give a password, the client will try authenticating using the given password which will cause a connection failure. The fallback to using no password is not allowed at the client. Because of which you were getting session as undefined.
See here and here for configuring passwords.

How to save and retrieve session from Redis

I am trying to integrate Redis sessions into my authentication system written in Node.js.
I have been able to successfully set up Redis server, connect-redis and Express server.
Here is my setup (just the important bit):
var express = require("express");
var RedisStore = require("connect-redis")(express);
var redis = require("redis").createClient();
app.use(express.cookieParser());
app.use(express.session({
secret: "thisismysecretkey",
store: new RedisStore({ host: 'localhost', port: 6379, client: redis })
}));
Now... How do I actually create, read and destroy the session? I am aware that that is probably extremely simple. I have read tons of articles on how to setup connect-redis and many questions here on SO, but I swear each one stops on just the configuration and does not explain how to actually use it...

That should be all there is to it. You access the session in your route handlers via req.session. The sessions are created, saved, and destroyed automatically.
If you need to manually create a new session for a user, call req.session.regenerate().
If you need to save it manually, you can call req.session.save().
If you need to destroy it manually, you can call req.session.destroy().
See the Connect documentation for the full list of methods and properties.

Consider this code.
var express = require('express');
var redis = require("redis");
var session = require('express-session');
var redisStore = require('connect-redis')(session);
var bodyParser = require('body-parser');
var client = redis.createClient();
var app = express();
app.set('views', __dirname + '/views');
app.engine('html', require('ejs').renderFile);
app.use(session({
secret: 'ssshhhhh',
// create new redis store.
store: new redisStore({ host: 'localhost', port: 6379, client: client,ttl : 260}),
saveUninitialized: false,
resave: false
}));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.get('/',function(req,res){
// create new session object.
if(req.session.key) {
// if email key is sent redirect.
res.redirect('/admin');
} else {
// else go to home page.
res.render('index.html');
}
});
app.post('/login',function(req,res){
// when user login set the key to redis.
req.session.key=req.body.email;
res.end('done');
});
app.get('/logout',function(req,res){
req.session.destroy(function(err){
if(err){
console.log(err);
} else {
res.redirect('/');
}
});
});
app.listen(3000,function(){
console.log("App Started on PORT 3000");
});
So you need to install connect-redis and pass your express-session instance to it.
Then in middleware initialize redisStore with server details like this.
app.use(session({
secret: 'ssshhhhh',
// create new redis store.
store: new redisStore({ host: 'localhost', port: 6379, client: client,ttl : 260}),
saveUninitialized: false,
resave: false
}));
I put ttl to 260, you can increase. After TTL reaches its limits, it will automatically delete the redis key.
In routers you can use req.session variable to SET, EDIT or DESTROY the session.
One more thing...
If you want custom cookie i.e not as same as in your Redis store you can use cookie-parser to set cookie secrets.
Hope it helps.
link : https://codeforgeek.com/2015/07/using-redis-to-handle-session-in-node-js/

You can also use the Redis monitor tool to see all the action in real time! When you refresh your app you will see the data appear in the console window.
redis-cli monitor
Sample Output for Sessions using tj/connect-redis
1538704759.924701 [0 unix:/tmp/redis.sock] "expire" "sess:F9x-YgbgXu1g7RG8tFlkwY3RV0JzHgCh" "3600"
1538704759.131285 [0 unix:/tmp/redis.sock] "get" "sess:F9x-YgbgXu1g7RG8tFlkwY3RV0JzHgCh"
1538704787.179318 [0 unix:/tmp/redis.sock] "set" "sess:Hl3LPbOBdKO44SG4zQHFn2gfdiWTwzWW" "{\"cookie\":{\"originalMaxAge\":3600000,\"expires\":\"2018-10-05T02:59:47.178Z\",\"secure\":true,\"httpOnly\":true,\"domain\":\".indospace.io\",\"path\":\"/\"},\"path\":\"/\",\"userAgent\":{\"family\":\"NewRelicPingerBot\",\"major\":\"1\",\"minor\":\"0\",\"patch\":\"0\",\"device\":{\"family\":\"Other\",\"major\":\"0\",\"minor\":\"0\",\"patch\":\"0\"},\"os\":{\"family\":\"Other\",\"major\":\"0\",\"minor\":\"0\",\"patch\":\"0\"}},\"ip\":\"184.73.237.85\",\"page_not_found_count\":0,\"city\":\"Ashburn\",\"state\":\"VA\",\"city_state\":\"Ashburn, VA\",\"zip\":\"20149\",\"latitude\":39.0481,\"longitude\":-77.4728,\"country\":\"US\"}" "EX" "3599"
1538704787.179318 [0 unix:/tmp/redis.sock] "set" "sess:Hl3LPbOBdKO44SG4zQHFn2gfdiWTwzWW" "{\"cookie\":{\"originalMaxAge\":3600000,\"expires\":\"2018-10-05T02:59:47.178Z\",\"secure\":true,\"httpOnly\":true,\"domain\":\".indospace.io\",\"path\":\"/\"},\"path\":\"/\",\"userAgent\":{\"family\":\"NewRelicPingerBot\",\"major\":\"1\",\"minor\":\"0\",\"patch\":\"0\",\"device\":{\"family\":\"Other\",\"major\":\"0\",\"minor\":\"0\",\"patch\":\"0\"},\"os\":{\"family\":\"Other\",\"major\":\"0\",\"minor\":\"0\",\"patch\":\"0\"}},\"ip\":\"184.73.237.85\",\"page_not_found_count\":0,\"city\":\"Ashburn\",\"state\":\"VA\",\"city_state\":\"Ashburn, VA\",\"zip\":\"20149\",\"latitude\":39.0481,\"longitude\":-77.4728,\"country\":\"US\"}" "EX" "3599"

redis session not working on server

I am using redis for session in my node.js express app. It works fine on my dev box, but on production, it seems redis sessions are not being saved.
I'm not seeing any kind of error, other than I cannot login.
Redis is running w/ same configuration. But when I run redis-cli and type 'select 1' (the db) and KEYS '*' I get nothing.
var RedisStore = require('connect-redis')(express);
app.use(express.session({
store: new RedisStore({
host: cfg.redis.host,
db: cfg.redis.db
}),
secret: 'sauce'
}));
cfg.redis.host is localhost
and cfg.redis.db is 1
This is the error I get when I run redis-cli monitor
Error: Protocol error, got "s" as reply type byte

A few suggestions. Are you sure Redis uses the same port and password in production? If you're using SSL with a service like Heroku, you need to set proxy: true to have Express treat cookies that arrive after after earlier SSL termination.
.use(express.session({
store: new RedisStore({
port: config.redisPort,
host: config.redisHost,
db: config.redisDatabase,
pass: config.redisPassword}),
secret: 'sauce',
proxy: true,
cookie: { secure: true }
}))
I require the following config.js file to pass on Redis config values:
var url = require('url')
var config = {};
var redisUrl;
if (typeof(process.env.REDISTOGO_URL) != 'undefined') {
redisUrl = url.parse(process.env.REDISTOGO_URL);
}
else redisUrl = url.parse('redis://:#127.0.0.1:6379/0');
config.redisProtocol = redisUrl.protocol.substr(0, redisUrl.protocol.length - 1); // Remove trailing ':'
config.redisUsername = redisUrl.auth.split(':')[0];
config.redisPassword = redisUrl.auth.split(':')[1];
config.redisHost = redisUrl.hostname;
config.redisPort = redisUrl.port;
config.redisDatabase = redisUrl.path.substring(1);
console.log('Using Redis store ' + config.redisDatabase)
module.exports = config;

nodejs session storage

In the connect-mongodb module we can store session in MongoDB like this:
var connect = require('connect')
, Db = require('mongodb').Db
, Server = require('mongodb').Server
, server_config = new Server('localhost', 27017, {auto_reconnect: true, native_parser: true})
, db = new Db('test', server_config, {})
, mongoStore = require('connect-mongodb');
connect.createServer(
connect.bodyParser(),
connect.cookieParser(),
connect.session({
cookie: {maxAge: 60000 * 20} // 20 minutes
, secret: 'foo'
, store: new mongoStore({db: db})
})
);
In the example above we have to use native mongodb stuff. In my nodejs project I use mongoose 2.4.1 so how should rewrite that code to use mongoose?
Thanks!

If you are using mongoose and you used mongoose.connect, you can get the connection at
mongoose.connection
So to configure the session store you can use this form
var mongoose = require('mongoose'),
mongoStore = require('connect-mongodb');
...
mongoose.connect(host,databaseName,port);
// mongoose.connect('mongodb://host:port/databaseName');
...
connect.session({
secret: 'your secret key',
cookie: { maxAge : 60*15*1000}, // 15 minutes, in milliseconds
store: new mongoStore( { db : mongoose.connection.db })
})

You have no reason to do that, just use sessions with connect-mongodb which has all the 'Session Store' Express functionality implemented. Use Mongoose for everything else which requires db storage, but leave the sessions for connect-mongodb.
Here's a real example that does that: https://github.com/alexyoung/nodepad

Mongoose should expose the connection somehow.

If you use connect-mongo, pass your mongoose connection like this:
var express = require('express');
var MongoStore = require('connect-mongo')(express);
new MongoStore({ mongoose_connection: mongoose.connection })
And everything will work as you'd expect.