I am looking to implement cookiestore in my Express app, I followed this question
Best Session Storage Middleware for Express + MongoDB
and
https://github.com/kcbanner/connect-mongo
for my Express 3.x project, but for Express 4, connect middleware is deprecated.
Which is the suitable alternative for connect-mongo?
Middleware has been extracted out of the core and moved individual modules. This changes how you set up the app but you have the option to use the same middleware as before. The overview explaining how to migrate from 3.x to 4.x lists the modules that can be used as replacements for the Connect middleware.
The syntax will be slightly different as you explicitly install the modules, such as express-session, and the app.use statements are modified to reflect this. The options you pass to these modules, however, are the same as it was with the Connect middleware...so you can pass your connect-mongo details to express-session and keep rolling along.
So you don't have to change unless there's another problem that isn't clear in your original question...and there could be other problems if you have a large, established app. But if you are following a tutorial, you should be early enough in the process that this won't be a major issue.
Edit: It looks like there's also been discussion about Express 4 on the connect-mongo github page. There are more examples there about how to use this module with the new version of Express...
Edit 2: The code, referenced a few times on the github page, looks like this:
var session = require('express-session');
var MongoStore = require('connect-mongo')(session);
app.use(session({
secret: 'youshouldputyourownsecrethere',
store: new MongoStore({
db : mongoose.connection.db,
})
}));
Related
I'm developing a node.js app and I use nodemon to run it. My question is how I do to keep the session open when I make a change in the server, and nodemon reboot.
This answer assumes that you're using Express or Koa, two of the more popular node.js web frameworks.
In your application, you probably have a line that says the following.
Express 4
var app = require( 'express' )()
var session = require( 'express-session' )
app.use( session() ) // this is the session middleware
KoaJS
var app = require( 'koa' )()
var session = require( 'koa-session' )
app.use( session() ) // this is the session middleware
The guiding wisdom in web applications is to make the world-facing side of it as stateless as possible. This means that your node.js server holds no information between requests and can be destroyed and restarted anytime.
A session is a very stateful thing. Because of this, you need to store session data in something designed to keep the data uncorrupted in the long run. This is most commonly done through a database (more secure) or a browser cookie (less secure).
The express-session module holds session information in memory by default. This violates the stateless ideals and will lose session information on reboot.
The koa-session module uses cookies by default. This is stateless, but raises some security concerns in that it may be possible for users to modify their own session variables, so don't use this for billing or other sensitive operations.
In both of the above modules, you can override the defaults with your own session store.
Redis Session Store
I normally store session data in a database like redis.
Express
This can be easily wired into express with a module like connect-redis.
Quoting from the Readme:
var session = require('express-session');
var RedisStore = require('connect-redis')(session);
app.use(session({
store: new RedisStore(options),
secret: 'keyboard cat'
}));
KoaJS
Using redis to store session data is also possible in koa with the koa-redis module.
Paraphrasing from the Readme:
var app require('koa')();
var session = require('koa-generic-session');
var redisStore = require('koa-redis');
app.keys = ['keys', 'keykeys'];
app.use(session({
store: redisStore()
}));
app.use(function *() {
this.session.name = 'koa-redis';
});
No Databases Session Store
Express
Express can store session data in cookies with the cookie-session extension.
Koa
As mentioned before, the koa-session module stores sessions in cookies by default.
Can not find any info (on passport.js site) about general passport.js instalation and declaration in node.js.
In the tutorials I always see express session middleware and cookie-parser stated as required for passport, yet session docs (https://github.com/expressjs/session) notes:
'Since version 1.5.0, the cookie-parser middleware no longer needs to be used for this module to work. This module now directly reads and writes cookies on req/res. Using cookie-parser may result in issues if the secret is not the same between this module and cookie-parser.'
So do I need to use session & cookie-parser for passport for some reasons, or I can use only session, am I need to tweak something then?
No, passport itself does not require cookie-parser middleware. If you want session-persistent authentication then you'll need the express-session middleware, which used to require cookie-parser, but modern versions of express no longer have this requirement (the current version of express-session reads and writes cookies directly).
I'm migrating from express 3.x to express 4.x
I'm having issues finding a mongo session store which works with the new session middleware.
Previously:
express 3.x had connect as a dependency, which in turn came with bundled session middleware.
In order to persist sessions in a mongo database, the de-facto middleware was connect-mongo.
New world order:
Now with express 4.x, connect is no longer a dependency.
As such, pretty much all the previously bundled middleware has been factored out into separate middleware, such as session listed above.
session takes a store, but since connect-mongo depends on connect, is is not compatible with express 4.x.
Question:
I cannot find information on which mongo session store to use when migrating to express 4.x. Any suggestions?
connect-mongo still works in express 4.x, however, you now pass in session instead of express
Express 3.x:
var express = require('express');
var mongoStore = require('connect-mongo')(express); // note parameter = express
Express 4.x:
var session = require('express-session');
var mongoStore = require('connect-mongo')(session); // note parameter = session
NPM:
Unfortunately, at the time of writing, the latest version of connect-mongo has not been deployed to npm.
EDIT: The latest version of connect-mongo has been deployed to npm
You can either download the latest version direct from github
or a workaround is to create a temporary object:
{
session: session
}
and pass this to mongo-connect:
var mongoStore = require('connect-mongo')({session: session});
I write scalable application with node.js and have a problem.
When I click on facebook auth link (/auth/facebook) and when it's redirect me back — throws the error:
{"error":{"message":"redirect_uri isn't an absolute URI. Check RFC 3986.","type":"OAuthException","code":191}}
I think, it's because I use cluster. I try to set RedisStore for session:
RedisStore = require('connect-redis')(express);
...somecode...
app.use(express.session({ store: new RedisStore(), secret: 'secret code'}));
But it's still not work. Also, the "findOrCreateUser" function work correct and i get user info as I want. All I need is redirect user to index page.
I'm use Express 3, Node 0.8.14
Everyauth have the same issue on github https://github.com/bnoguchi/everyauth/issues/153
Thanks in advance!
I'm resolved my problem by using passportjs instead everyauth.
I am giving a look at the node.js web framework Locomotive. Since it is built on top of Express, I suppose Connect middleware should be easily accessible, but I can't find out how.
I added 2 lines to config/environments/all.js:
this.use(express.cookieParser());
this.use(express.session({ secret: 'keyboard cat'}));
Where is the session object now?
I found out by myself. It was quite easy:
var express = require('express');
var sess = express.session;