I found that if middleware in app.js were in the wrong order , they wouldn't work well.
For example:
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs'); //
app.use(favicon());
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded()); //
app.use(express.static(path.join(__dirname, 'public')));
app.use('/', routes);
app.use('/users', users);
//the codes below don't work
//set Cookie
app.use(cookieParser());
app.use(session({
secret:setting.cookieSecret,
key: setting.db,
cookie:{maxAge:1000*3600*24*30},
store: new MongoStore({db:setting.db}),
saveUninitialized: true,
resave: true
}) );
//use 'connect-flash'
app.use(flash());
If the code app.use(flash()) isn't moved after app.set('view engine', 'ejs');, the page will show TypeError: Object #<IncomingMessage> has no method 'flash'.
What's more,if I just move app.use(flash()) it creates the error req.flash() requires sessions but the error goes away if I move cookieParse() and session() to follow urlencoded().
Editing the first code example to this no longer creates errors:
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
//changed
app.use(flash());
app.use(favicon());
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded());
//changed
app.use(cookieParser());
app.use(session({
secret:setting.cookieSecret,
key: setting.db,
cookie:{maxAge:1000*3600*24*30},
store: new MongoStore({db:setting.db}),
saveUninitialized: true,
resave: true
}) );
app.use(express.static(path.join(__dirname, 'public')));
app.use('/', routes);
app.use('/users', users);
So I want to know :
Is there a mandatory order that the middleware and configuration in app.js must follow?
Yes. The order you call middleware or configuration in Express is important. From the express api docs:
The order of which middleware are "defined" using app.use() is very
important, they are invoked sequentially, thus this defines middleware
precedence.
This is why you get the different errors as you move the different app.use lines around.
For example, if you are using connect-flash for your flash() function, connect-flash requires both cookieparser and session middleware to be loaded first. There is an order dependency -- cookieparser, then session, then flash.
Order is also important for routing. See the New features in Express 4.x and this stackoverflow answer for details and discussion.
Therefore, when using express, check the documentation to be sure you meet order-based dependencies for middleware and routes (when applicable).
Related
My express V4 app doesn't give me the correct value of the sessions instead just returns undefined. My app was structured and built using express-generator and this is my app.js file.
var express = require('express'),
path = require('path'),
bodyParser = require('body-parser'),
routes = require('./routes/index'),
app = express(),
compression = require('compression'),
session = require('express-session');
// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');
app.set('view cache', true);
app.enable('trust proxy');
app.use(session({
secret: "Share3na Network!195",
resave: true,
saveUninitialized: true,
cookie: { secure: true, httpOnly: true }
}));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(compression());
app.use(express.static(path.join(__dirname, 'public')));
app.use('/', routes);
And these are the routes the take the session value and send it back.
router.get('/getmask', function(req,res){
res.send(req.session.mask);
});
//GET the mask during event body load
router.get('/sendmask', function(req,res){
req.session.mask = striptags(emojiStrip(req.query.m));
});
In another route when I append the requests' IP address with the session value: req.ip() + req.session.mask, what gets saved in the database is "123.456.789undefined"
You need to save the session values after modification. The documentation for the same can be seen in the README of the package.
//GET the mask during event body load
router.get('/sendmask', function(req,res){
req.session.mask = striptags(emojiStrip(req.query.m));
req.session.save();
});
Express-session is creating a new session (new sessionID) for new request. And it happens intermittently, for example sometimes for first 3-4 hits it will work fine and keep using same existing session and on 4th hit it will create a new one, Sometimes it will create new session on first request itself.
Also this Issue comes on my hosted website. It works fine on localhost.
Things that i have already tried and are not working..
Express session is created after static file routes.
Express session secret and cookieParser secret are set to same.
Using app.use(favicon(path.join(__dirname, 'public', 'favicon.ico'))); for favicon.
Setting very high value for max-age field while creating cookie.
Below is my app.js snippet -
var passport = require('passport');
var expressSession = require('express-session');
var app = express();
app.engine('hbs', hbs.express4({
partialsDir: __dirname + '/views/partials'
}));
app.set('view engine', 'hbs');
app.set('views', path.join(__dirname, 'views'));
app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(express.static(path.join(__dirname, 'public')));
var flash = require('connect-flash');
app.use(flash());
var initPassport = require('./passport/init');
initPassport(passport);
//app.use(bodyParser.urlencoded());
app.use(cookieParser('mysecret'));
app.use(expressSession({ secret: 'mysecret', name:'user', cookie: {maxAge: 60000000}}));
app.use(passport.initialize());
app.use(passport.session());
Any kind of help would be greatly appreciated. Thanks.
why don't you use MongoStore to store session data? may be that will solve your problem.
app.use(session({
secret: 'mysecret',
resave: false,
saveUninitialized: false,
expires: new Date(Date.now() + (60 * 60 * 24 * 7 * 1000)),
cookie: { } ,
store: new MongoStore({mongooseConnection: mongoose.connection})
}));
For those landing here for a similar multi session creation, I solved my issue by setting this flag in the session middleware to false. It saves your cookie in DB only when it has been updated with some additional data like an email for example. `
saveUninitialized: false
I have an express application that uses passport for OAuth. I have it working successfully with Google and Facebook. My problem is that I can get req.user on controller functions where the routes are configured like this:
router.post('/', auth.isAuthenticated(), controller.create);
but when I try to access the user info from a controller function that doesn't require authentication, req.user is undefined even though the user is logged in. What am I doing wrong here?
and here is how express and passport are configured:
module.exports = function(app) {
var env = app.get('env');
app.set('views', config.root + '/server/views');
app.engine('html', require('ejs').renderFile);
app.set('view engine', 'html');
app.use(compression());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use(methodOverride());
app.use(cookieParser());
// Persist sessions with mongoStore
// We need to enable sessions for passport twitter because its an oauth 1.0 strategy
app.use(session({
secret: config.secrets.session,
resave: true,
saveUninitialized: true,
store: new mongoStore({ mongoose_connection: mongoose.connection })
}));
app.use(passport.initialize());
app.use(passport.session());
.
.
.
I was reading in upgrading to express 4 that the order of app.use has to come after my app.get and app.post routes.
app.set('port', process.env.PORT || 3000);
app.set('views', path.join(__dirname, 'public'));
app.set('view engine', 'hjs');
// Initialize Passport! Also use passport.session() middleware, to support
// persistent login sessions (recommended).
app.use(passport.initialize());
app.use(passport.session());
//app.use(favicon(path.join(__dirname,'public','images','favicon.ico')));
app.use(cookieParser());
//app.use(express.json());
//app.use(express.urlencoded());
app.use(session({
secret: 'keyboard cat',
saveUninitialized: true,
resave: true
}));
//authentication
app.get('/app', ensureAuthenticated,appRoutes.app);
app.get('/app/:name', ensureAuthenticated,appRoutes.main);
app.get('/views/app/:name', ensureAuthenticated, appRoutes.index);
app.get('/views/app/:name/*', ensureAuthenticated, appRoutes.partials);
app.get('/',routes.home);
app.use(express.static(path.join(__dirname, 'public')));
app.use(morgan('dev'));
app.use(bodyParser.urlencoded({
extended: true
}));
app.use(bodyParser.json());
app.use(methodOverride());
http.createServer(app).listen(app.get('port'), function() {
console.log('Express server listening on port ' + app.get('port'));
});
I upgraded and now my passport authentication is not working. I moved it above the routes and below and either way I get no error just does not authenticate and set a session.
I was reading in upgrading to express 4 that the order of app.use has to come after my app.get and app.post routes.
Nonsense ! Where did you read that ?
The only thing that comes close to what you're saying is this line from Expres 3.x to 4.x Migrating Guide :
app.router has been removed. Middleware and routes are now executed in the order they're added. Your code should move any calls to app.use that came after app.use(app.router) after any routes (HTTP verbs).
But it does not mean that every app.use call should go after the routes (HTTP Verbs). Only the ones that you used to put after app.use(app.router) in your old Express 3.x code. Is that more clear ?
Regarding your issue, from Passport's docs :
Note that enabling session support is entirely optional, though it is
recommended for most applications. If enabled, be sure to use
express.session() before passport.session() to ensure that the login
session is restored in the correct order.
So you should change :
app.use(passport.initialize());
app.use(passport.session());
//app.use(favicon(path.join(__dirname,'public','images','favicon.ico')));
app.use(cookieParser());
//app.use(express.json());
//app.use(express.urlencoded());
app.use(session({
secret: 'keyboard cat',
saveUninitialized: true,
resave: true
}));
to :
//app.use(favicon(path.join(__dirname,'public','images','favicon.ico')));
app.use(cookieParser());
//app.use(express.json());
//app.use(express.urlencoded());
app.use(session({
secret: 'keyboard cat',
saveUninitialized: true,
resave: true
}));
app.use(passport.initialize());
app.use(passport.session());
Hope that helps.
In express app.js I define uploadDir = "./tmp", but how can I access it later?
app.configure(function(){
app.set('port', process.env.PORT || 3000);
app.set('views', __dirname + '/views');
app.set('view engine', 'jade');
app.use(express.favicon());
app.use(express.logger('dev'));
app.use(express.bodyParser({uploadDir:'./tmp', keepExtensions: true})); // <--
app.use(express.methodOverride());
app.use(app.router);
app.use(express.static(path.join(__dirname, 'public')));
});
Arguments to middleware like bodyParser go straight through to the middleware. All of the Express middleware is provided by Connect, so it doesn't even know anything about Express. The uploadDir is captured in the multipart closure of the multipart middleware. It is stored via the closure, and never stored anywhere else, or passed to Express, so the only way to access the original value is to access it as part of the options object initially passed in. There is no other way.
If you want that value to be accessible by reading from app(as you said in your comment), then you should set it on there yourself separately. That said, this method is a bit ugly and means that you have to set the value twice.
app.set('uploadDir', './tmp');