I am trying to get persistent sessions working using RedisStore but whenever i close the browser the session is destroyed. I tried setting the maxAge and ttl but nothing makes the session survive a browser restart. What am i doing wrong?
The relevant parts of my code are:
var app = express();
var RedisStore = require('connect-redis')(express);
app.use(express.cookieParser('my secret key'));
app.use(express.session({
store: new RedisStore({
host: 'localhost',
port: 6379,
ttl: (60000 * 24 * 30),
cookie: { maxAge: (60000 * 24 * 30) }
}),
secret: 'my secret key'
}));
The cookie should belong in the object you pass to express.session, not in the object you pass to RedisStore.
Try the following:
app.use(express.session({
store: new RedisStore({ host: 'localhost', port: 6379, ttl: (60000 * 24 * 30)}),
cookie: { maxAge: (60000 * 24 * 30)},
secret: 'my secret key'
}));
Related
I'm using the following to configure my session on subdomain1.example.com:
const expressInstance = express();
expressInstance.use(
session({
secret: "my secret",
cookie: {
domain: '.example.com',
sameSite: 'none',
secure: true,
maxAge: 1000 * 60 * 60 * 48
}
})
);
expressInstance.set('trust proxy', 1);
Then I set it as:
res.cookie("cookie_name", "cookie_value")
I can see this cookie when I visit subdomain1.example.com but not when I visit example.com.
What am I missing? Isn't this a very common use case?
I notice that some of the project will use redis store and express session to save the user session
For example:
const session = require('express-session');
var redis = require("redis");
var redisStore = require('connect-redis')(session);
var client = redis.createClient();
var app = express();
app.use(session({
secret: 'scret',
store: new redisStore({
host: '127.0.0.1',
port: 6379,
client: client,
ttl : 7200
}),
saveUninitialized: true,
// rolling: false,
resave: true,
cookie: {
maxAge: 2 * 60 * 60 * 1000
}
}));
What is the reason that we need to use these two Session Management function at the same time?
express-session can be set up with different "stores" to save session data.
MemoryStore comes with the package express-session.
The authors of express-session warn about this default store.
Warning The default server-side session storage, MemoryStore, is
purposely not designed for a production environment. It will leak
memory under most conditions, does not scale past a single process,
and is meant for debugging and developing.
Redis is one of the compatible session stores and in this case is used "as a replacement" of a default store.
I am using express.js as my api faremwork.trying to set browser cookie from expressjs with response.cookie but it is not saving any cookie on my browser.
No Error in console
Already tried httpOnly false/true,secure false/true
res.cookie('nodeSessID', req.sessionID, {maxAge: 24*60*60*1000,httpOnly:false,secure:false,domain:'cz-tuts.com',path:'/'}).json({status:1,message:"success"});
app.use(cookieParser());
app.use('/*',session({
secret: 'ThisisTestSecretForCookie',
// create new redis store.
name: 'nodeSessID',
store: new redisStore({host: 'localhost', port: 6379, client: redisClient,ttl : 260}),
saveUninitialized: false,
resave: true,
cookie: { secure: false,domain:'cz-tuts.com',httpOnly:false,path: '/',maxAge:360000 },
}));
cookie should saved in browser
The simple example on https://github.com/voxpelli/node-connect-pg-simple shows:
var session = require('express-session');
app.use(session({
store: new (require('connect-pg-simple')(session))(),
secret: process.env.FOO_COOKIE_SECRET,
resave: false,
cookie: { maxAge: 30 * 24 * 60 * 60 * 1000 } // 30 days
}));
But when I try it, node complains:
throw new Error('No database connecting details provided to
connect-pg-simple');
How do I specify the connection string?
// I was stuck with the same proble and solved it
// 1-) Connection details
const conObject = {
user: 'mehmood',
password: 'mehmood',
host: 'localhost',// or whatever it may be
port: 5432,
database: 'test_db'
};
// 2-) Create an instance of connect-pg-simple and pass it session
const pgSession = require('connect-pg-simple')(session);
// 3-) Create a config option for store
const pgStoreConfig = {
pgPromise: require('pg-promise')({ promiseLib: require('bluebird') })({
conObject }), // user either this
//conString: 'postgres://mehmood:mehmood#localhost:5432/test_db', // or this
// conObject: conObject,// or this,
// pool: new (require('pg').Pool({ /* pool options here*/}))// or this
}
// 4-) use the store configuration to pgSession instance
app.use(session({
store: new pgSession(pgStoreConfig),
secret: 'jW8aor76jpPX', // session secret
resave: true,
saveUninitialized: true,
cookie: { maxAge: 30 * 24 * 60 * 60 * 1000 } // 30 days
}));
// Share improve this answer
For me it worked like
conString:'postgres://postgres:password123#localhost:5432/edu';
So the format must be
conString:'postgres://<user>:<database_password>#<hostname>:<port>/<database_name';
For deploying you get a username. If you run on local machine then PostgreSQL
I am using this configuration for session:
app.use(session({
secret: config.cookieSecret,
resave: true,
saveUninitialized: true,
store: sessionStore, //MongoStore
key: 'sid',
cookie: {
name: 'sid',
path: '/',
maxAge: 1000 * 60 * 60 * 5 // 5h
}
}));
It works fine in Chrome and Firefox (session id remains the same) but Safari somehow manages to create a new session id for each request. Is there any other way to handle this.