I am setting a session cookie as part of PassportJS. I can see the connect.sid cookie being passed to the browser, and back to the application on subsequent HTTP requests.
However, when I read req.cookies in one of my routes, it is empty. I have set up express.cookieParser(), express.session(), and passport.session() in configuration settings. Is there anything else that needs to be done in order to use cookies in Express / Node?
Here are my app configuration settings:
app.configure(function () {
app.set("db_url", config.db[app.settings.env]);
app.set('port', process.env.PORT || 3000);
app.use(express.logger('dev')); /* 'default', 'short', 'tiny', 'dev' */
app.use(express.static(path.join(__dirname, 'public')));
app.use(express.cookieParser());
app.use(express.bodyParser());
app.use(express.session({secret: "keyboard cat"}));
app.use(passport.initialize());
app.use(passport.session());
app.use(users);
app.use(orgs);
app.use(errorHandler);
});
Thanks!
Try req.session instead req.cookies. If you want to store information within the cookie you need to set them similar to
res.cookie('remember', 1, { maxAge: 60 * 1000 });
Then req.cookies should contain
{ remember: '1' }
The default value of req.session is
{ cookie:
{ path: '/',
_expires: null,
originalMaxAge: null,
httpOnly: true
}
}
Related
When user login, i am storing data in session like this :
req.session.user = userData;
And it is working fine but when i restart in nodejs, the session is null. Then user need to login again.
I want to create a file based storage for session.But after a lot of search, i got the way to store data in database but i dont want to store session data in database. I want to store data in file.
Is there a nodejs module to store the session data in file?
You can use session-file-store. can refer below working example.
var express = require('express');
var app = express();
var session = require('express-session');
var FileStore = require('session-file-store')(session);
app.use(session({ secret: 'keyboard cat',
resave: false,
saveUninitialized: false,
store: new FileStore,
cookie: { maxAge: 3600000,secure: false, httpOnly: true }
})
);
app.get('/', function (req, res) {
if (req.session.views) {
req.session.views++;
res.setHeader('Content-Type', 'text/html');
res.write('<p>views: ' + req.session.views + '</p>');
res.end();
} else {
req.session.views = 1;
res.end('Welcome to the file session demo. Refresh page!');
}
});
var server = app.listen(3000, function () {
var host = server.address().address;
var port = server.address().port;
console.log('Example app listening at http://%s:%s', host, port);
});
You can try connect-fs2.
var FSStore = require('connect-fs2')(express);
var options = { dir='./mySessionFolder' }; // specify your directory to store your session files
app.configure(function() {
app.set('views', __dirname + '/views');
app.set('view engine', 'jade');
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.cookieParser());
app.use(express.session({
store: new FSStore(options), // use it as your store
secret: 'your secret',
cookie: { maxAge: 7 * 24 * 60 * 60 * 1000 } // 1 week
}));
app.use(app.router);
app.use(express.static(__dirname + '/public'));
});
Butt isn't it something like whenever we logedin session data is store in file and we at the moment we logout session data which are store in file they may get delete...
its not a good idea to write session data in file , because you need to stores as key , value pair and have to parse it. if the user logout you need to delete particular session from file (otherwise the file may goes out of memory)
you say , you have stored session data in db , you need to add additional status information as key value pair in db. that status should only become false when the user terminates the seesion or session timeouts , otherwise it remains true even if server restart.with reference with this status you can hold the users.
I would like to use the req.flash that was removed as of Express 3.0. According the docs, simply configure the app as so to use it:
app.configure(function() {
app.use(express.cookieParser('keyboard cat'));
app.use(express.session({ cookie: { maxAge: 60000 }}));
app.use(flash());
});
However, I've configured my app as so:
app.configure('production', function() {
app.use(express.static('/static', express.static(__dirname + '/lib/static')));
app.use(express.errorHandler());
app.use(express.cookieParser('keyboard cat'));
app.use(express.session({ cookie: { maxAge: 60000 }}));
app.use(flash());
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
});
I've been trying to detect the availability of flash as so:
app.all('/*', function(req, res, next) {
console.log('FLASH: ', req.flash);
....
My logs show the following:
FLASH: undefined
FLASH: undefined
FLASH: function _flash(type, msg) {....
This was displayed with just one request to the '/' route. I understand why there may be multiple requests with the one GET request to '/', however, I'm wondering why req.flash is not available on every request as the docs state.
I think you should change your configuration to:
app.configure('production', function() {
app.use(express.errorHandler());
app.use(express.cookieParser('keyboard cat'));
app.use(express.session({ cookie: { maxAge: 60000 }}));
app.use(flash());
app.use(passport.initialize());
app.use(passport.session());
app.use(express.static('/static', express.static(__dirname + '/lib/static')));
app.use(app.router);
});
I always keep my static route at the end of my middleware.
I think the problem is that your /* route is also firing for /static requests and, since that middleware is declared before the flash() middleware, the request object hasn't yet been modified.
I have written a simple cms in nodejs using expressjs framework. I used passportjs for authentication using twitter. below is my app.configure:
app.configure(function(){
//views
app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');
//parse request bodies
app.use(express.bodyParser());
app.use(express.methodOverride());
// session support
app.use(express.cookieParser(cfg.cookie_secret));
app.use(express.session({
key : 'whynode',
store : sessionStore,
cookie: {
expires: new Date(Date.now() + 60 * 10000),
maxAge: 60*10000
}
}));
app.use(passport.initialize());
app.use(passport.session());
//pass user data
app.use(function(req, res, next) {
res.locals.req_path = req.path;
res.locals.user = req.user || false;
next();
});
//get routers
app.use(app.router);
//serve asset files
app.use('/assets', express.static(__dirname + '/public'));
});
I used redis for session store. full app.js code can be viewed here full app.js
What I am now experiencing is when I leave app unused for some minutes, session expires and I need to login again. How do we make so that session doesnot timeout for atleast 2-3 hours of inactivity?
Adjust this code:
cookie: {
expires: new Date(Date.now() + 60 * 10000),
maxAge: 60*10000
}
That sets the expiry for your session to 10 minutes. You don't need to use both maxAge or expires, one will suffice (the difference is that expires uses a Date instance and maxAge just means expire X milliseconds from now).
For RedisStore you can set disableTTL to true. Keys will stay in redis until evicted by other means.
var sessionStore = new RedisStore({client: rClinet, disableTTL: true})
I'm trying to set cookie on express.js but it return undefined.
I've searched many web pages and put express.cookieParser() above app.use(app.router)
but it still can't return the right value.
app.js
app.configure(function(){
var RedisStore = require('connect-redis')(express);
app.use(express.logger());
app.set('view options', { layout: false });
app.set('views', __dirname + '/views');
app.set('view engine', 'jade');
app.use(express.bodyParser({uploadDir: './uploads/tmp'}));
app.use(express.methodOverride());
app.use(express.cookieParser());
app.use(express.session({ secret: "william", store: new RedisStore }));
//Initialize Passport! Also use passport.session() middleware, to support
//persistent login sessions (recommended).
app.use(passport.initialize());
app.use(passport.session());
//app.router should be after passportjs
app.use(app.router);
app.use(express.compiler({ src: __dirname + '/public', enable: ['less']}));
app.use(express.static(path.join(__dirname, 'public')));
});
app.get('/', function(req, res) {
res.cookie('cart', 'test', {maxAge: 900000, httpOnly: true})
});
app.get('/test', function(req, res) {
res.send('testcookie: ' + req.cookies.cart);
});
the result:
testcookie: undefined
Cookies are set in HTTP Headers. res.cookie() just sets the header for your HTTP result, but doesn't actually send any HTTP. If your code was syntactically correct and it ran, it would actually just sit and not return anything. I also fixed some syntax bugs in your code in this app.get():
app.get('/', function(req, res) {
res.cookie('cart', 'test', {maxAge: 900000, httpOnly: true});
res.send('Check your cookies. One should be in there now');
});
You need to send something out, or at least call res.end(), after setting the cookie. Otherwise all res.cookie() does is add some headers to a list of headers that will be sent out later.
Set cookie name to value, where which may be a string or object converted to JSON. The path option defaults to "/".
res.cookie('name', 'tobi', { domain: '.example.com', path: '/admin', secure: true });
Here is the Link for more detail
http://expressjs.com/api.html#res.cookie
My configuration:
app.configure(function(){
app.set('views', __dirname + '/views');
app.set('view engine', 'jade');
app.use(express.bodyParser());
app.use(express.cookieParser());
app.use(express.session({
secret: 'MY SECRET',
store: new MongoStore({
db: 'MY SESSION DB',
host: 'localhost',
port:88888
})
}));
app.use(everyauth.middleware());
app.use(express.methodOverride());
app.use(app.router);
});
app.configure('dev', function(){
app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
appPort = config.port; //Setting PORT to 8888 in dev mode.
app.use('/public', express.static(__dirname + '/public'));
});
app.configure('production', function(){
app.use(express.errorHandler());
appPort = config.port;
//Set cache-header-expires to 1 day
var oneDay = 86400000;
//app.use('/public', express.static(__dirname + '/public'));
app.use('/public',express.static(__dirname + '/public', { maxAge: oneDay }));
});
Now, I have a 'logout' link which goes to /logout on my app.
AFAIK, express automatically takes care of clearing sessions on logout. But with my config, I dont think its doing that. For example, A custom variable attached to session
req.session.custom
still holds after logout. However,
req.session.auth
is cleared after logout.
The number of session object in my MongoDb store are only incrementing over time. I am using everyauth as well.
What am I missing or doing wrong?
If you want to fully clear the session for the user on logout you can call req.session.destroy() from your everyauth.everymodule.handleLogout function. Only req.session.auth is cleared when you call req.logout().
why is it creating a new session in mongo store.Is there any way to
prevent it when i am redirected to login again. – loneranger Jun 7 '15 at 5:43
There's a saveUninitialized option to prevent the session to be saved if it does not contain any data.
app.use(session({
secret: 'secret123',
store: new MongoStore({
mongooseConnection: mongoose.connection,
ttl: 60 * 30 // half hour
}),
saveUninitialized: false
}));