Hi I am using expressjs for my web application, and I use the session middleware, my question is that how I can do something right before the session expire?
For example, I store something in the session, and I set the req.session.cookie.maxAge to 60000(1 minute), when the session timeout, I want to save the data in the session to disk, how I can do this? I checked the API and the destroy function only support callback...
Thanks!
Assuming you're using connect-session there's nothing like session expiration event.
Sessions expire either :
on the client (when cookie gets outdated). There's no way to know about it until a request is made so there's a danger that the event will never get triggered.
in the session store, usually using some form of time-to-live. Not all session stores support events, so notification can't be done in general.
You can, however try implement your own check using setTimeout() - when it times out check if the session's expiration date is sufficiently close to now and do whatever you need to do.
Related
I'm learning to use the "client-sessions" package in Node.js, with Express. Everything seems to be working well. But I'm wondering, is there is a way to have it call a function if a session expires?
I'm setting things up so that the session only stores a unique ID. Then outside of the session I store all the user data and anything else I need. That way it keeps my cookies and session info very small. But I want to know when a session has expired so that I can clear any info that doesn't need to be kept after the session is gone.
But I have not been able to find any details on how to do this. Am I thinking about this in the wrong way? If I store everything in the session it will try to store it all in the cookie as well won't it?
thanks in advance.
Making my comments into an answer since it appears to have helped you solve your issue...
If you use a session manager like express-session that only stores a session ID in the browser cookie and keeps a session object server-side in the session store, then you can just store your data directly in the session object and when the session expires, the session manager will just automatically clean up the session (including your data in the session). Then, you don't have to worry about when it expires as things are just managed for you automatically.
express-session has the ability to look up a given session in the session store.get(sessionID, callback) where store is the session store object you're using. To use that, you need to have previously saved the sessionID for a given user that you want to look up.
I am Switching between two different Dynamic web application through Links.But if i am working on one application for long time then others application session expires and i got redirected to login page, Is there any method to keep session alive beyond maxInactive time interval while i am working on other application page
There are two options-
If both applications requires single sign on feature (like we login to gmail, then all google services are accessible), you can use tomcat clustering and share session accross cluster. Both your apps will be part of the cluster.
A simple work aroud would be to set a heartbeat ajax request in each application. Use JavaScript's timeout function and send ajax request to servlet after a fix interval.
You can anyway update MaxInactiveInterval of server at runtime, there is this method setMaxInactiveInterval available for HTTPsession class object.
Hope this helps. :)
I can think of one option here that is to manage your own Session Pool. You can save the session object in ArrayList<HttpSession> whenever you create new session. And send that session id to your another application. When you return to previous app, you send back session id. And if you find session dead then find that session in your Session Pool by session id and create new session. In new session set attributes of the previous session object.
Hope this might be useful.
I'm building a single-page javascript app that talks to Express on the back end. At various points in the app, we interact with the back end, updating the session. The session expiration is relatively short for security reasons.
In it, I'd like to warn the user that the session might be expiring, if they've been idle for a long time and have not made any transactions with the back end.
I'd like to have an Express "heartbeat" route that returns how long the session has remaining (session.maxAge), but I don't want it to refresh the session expiration.
The connect.session code automatically refreshes the session at the end of a request.
I'm looking for a way to have access to the session to fetch the maxAge, but not have it updated.
Best bet would be modifying your SessionStore manually to not modify the session expiration when coming from a specific route (req.url).
Look for the part of your sessionStore that calls Session.touch().
I have noticed that in order to store a value into the session you simply call
req.session.key = value
without the need to specify a callback. I have set mysql as my session storage adapter using the connect-mysql module. So I am wondering that consider each time I save a value to the session it is being updated in the db, shouldn't there be a callback associated with this? Yet everywhere I look people are happily using it synchronously. Can someone please explain why this is the case? THanks.
The session middleware only actually interacts with the data-store twice per request, rather than immediately with each change:
With Store#get() to retrieve the Session in bulk at the start of a request. (source)
With Store#set() (via Session#save()) to persist the Session in bulk at the end of the request. (source)
Between these steps, changes to the session can be done synchronously. They just should be done before res.end() or similar (res.render(), res.json(), etc.) is called.
On asp.net, we have a session expire event. I'm using node.js with express.js and the default memory store for sessions. Every time I restart node, the sessions are lost. Ideally, I'd like to save the sessions to the db (can't use redis).
Is there a session expire event?
If you want to save the sessions to a database which isn't Redis, there are more solutions: https://github.com/senchalabs/connect/wiki (check the Session Stores section).
As far as I know there isn't such an event for cookie/session expiration (I've looked at the code for Connect and didn't find such a feature).
Also if you don't want to use sessions with a database at all, the are several modules for that (storing sessions in cookies, encrypted):
https://github.com/jpallen/connect-cookie-session
https://github.com/ciaranj/express-session-cookie