Nodejs express interchangeable session stores - node.js

Is there a way to switch session stores on the fly with express?
Currently depending on default config my express app is using either redis or mongo to store sessions.
So my question: is there a way to switch session from using redis to mongo on the fly? In case if redis goes down.
I tried calling app.use(express_session({....})) again but it doest work. I think there must me some hook that will allow me to delete current session store and create|add new one. Not sure where though.

I don't think there's a way to "un-use" a mounted middleware after the app has started, but what you could do is write your own session store (a pretty simple api to follow) that handles switching between the two (or more) stores.

Related

Is there any solution to prevent the express sessions from drop every time you perform server restart without using RedisStore?

I can perform other operations on dashbord even server restart without reload the webpage
I am guessing you are not using any kind of persistence storage for your sessions. In that case the sessions are stored in memory of the express app. Hence a restart would drop all the sessions. You either need a cache like Redis or even postgres to persist your sessions.

Memcache v/s redis for maintaining persistent sessions?

I want to make persistent sessions on server i am using node.js with express and for that first i read about connect-redis enter link description here and connect-mongo enter link description here i read that redis is faster then mongo that's why i decided to use it but now i also find a module named memcached enter link description here i dont know which will be better for my project, also in mamcache is data stored in memory or where because if it is memory then it must be fastest.
If you have already setup Redis then I would stick with it as it is very fast and easy to manage. MemCached and Redis are very similar when used for caching however the key difference is that Redis can be set to persist to disk in the background meaning that if the server goes down the data in memory can be reloaded.
Personally, I would not use MongoDb for session persistence for speed reasons however if I was using MemCached I'd possibly use it as a backup for the sessions. e.g. Write session data to MemCached and Mongo but only read from MemCached and use Mongo to restore is an error occurs.
Bottom line, I think your choice to use Redis is the best one for what you've described

Node.js locking to one user at a time

I am building a really simple web application with Node.js. The purpose of this application is to allow a user to edit settings of some running computations from a browser. I would like to restrict the application to allow only one user at a time, so to avoid any conflicts. If another user connects to the application while some user is already there, the second one should be notified, that the application is in use by another user.
What is a preffered way to achieve this with Node.js?
I would recommend you build a simple session object ("model") that manages the connected users and only allows one connected session at a time. Perhaps sessions could timeout after 90 seconds of inactivity.
Here's a quick sessions tutorial which shows you how to use a raw session (req.session), a redis backend, or a mongodb backend. A basic express middleware could be used to manage the sessions and set a limit of 1.
If you want something more advanced, maybe look into Passport.

Going session-less with NodeJS

I've been doing a lot of research lately and it appears to me that going stateless serverside brings benefits to both performance & scalability.
I am although trying to figure out how to achieve session-less-ness on Node.JS. It seems to me that basically all I have to do is assign a token to a logged in user, so I would have something like this in my DB:
{ user:'foo#example.com', pass:'123456', token:'long_id_here' }
so that the token can be send with every HTTP request like this:
/set/:key/:val/:token
to be checked against aforementioned DB object. Is this what it is actually meant to be a session-less web service?
If this is the right way, then I do not understand things like token expiry, and other security issues. I would like to be pointed out to NPM package of some sort?
On a side note, is it best for a token, to use a hash of the user+password, or to assign a different one at every login?
The reason to go sessionless is that most default session implementations use an in-memory store. That means that the session information is stored in memory local to that instance. Most websites these days are scaling out as traffic increases. This means they add more servers and balance the load between the servers. The problem with in-memory session stores is your user can log into Server 1, but if their next request is routed to Server 2, they don't have a session created yet and will appear to be logged off.
You don't necessarily need to go sessionless to scale out with node or any other server side language. You just need to use a session that isn't in local memory that would be accessible to all nodes. If you're using something like Express or Connect, you can easily use a session implementation like connect-redis which will enable you to have a fast session store which is accessible to all of your node instances so it doesn't matter which one is hit.

Store sessions on disk

I can't setup redis server because i'm on windows.
How can I store the sessions on disk so they will persist through node restarts?
Also, do I have to restart node everytime I modify a JS file for the changes to go through?
Btw, I'm already using express for node. Express uses the memorystore which means that sessions reset everytime node restarts.
There are multiple solutions:
https://github.com/antirez/redis/issues/238 < actually Redis got a patch so it can be built on Windows, may not be perfect but works
Make an account on https://redistogo.com/ , they provide a free database of 5Mb (which is ok if you just want to test out some things)
You can use something like connect-cookie-session, so that you store the session into the cookie (this is ok if you are just developing stuff and need to have durable sessions, and then use Redis into production)
Also, do I have to restart node everytime I modify a JS file for the changes to go through?
There are dedicated modules for that, one of the most popular being node-supervisor. Read the docs on their official page, it's really easy to use.
How can I store the sessions on disk so they will persist through node
restarts?
To be honest I have only used redis as my session-store, but you could also try to use(also found using http://search.npmjs.org:
mongodb as your session store.
supermarket-cart which I believe uses supermarket under the covers.
connect-fs: https://www.npmjs.com/search?q=connect-fs
connect-mysql-session: A MySQL session store for node.js connect.
connect-cookie-session: Connect middleware to allow you to store your sessions directly in the client's cookie.
Also, do I have to restart node everytime I modify a JS file for the
changes to go through?
Will answer this later!
You can use a cloud-based redis like http://redis4you.com/

Resources