I've read this topic Node.js + express.js + passport.js : stay authenticated between server restart and I need exactly the same thing, but for Redis. I used such code:
var RedisStore = require('connect-redis')(express);
app.use(express.session({
secret: "my secret",
store: new RedisStore,
cookie: { secure: true, maxAge:86400000 }
}));
And it doesn't work. To connect Redis I use connect-redis module. What I'm doing wrong? Thanks!
UPD: I don't get any errors. To ensure auth processes succesfully, I added log-line, and it executes.
function(email, password, done) {
// asynchronous verification, for effect...
process.nextTick(function() {
findByEmail(email, function(err, user) {
if (!user) {
return done(null, false, {
message: 'Unknown user ' + email
});
}
if (user.password != password) {
return done(null, false, {
message: 'Invalid password'
});
}
//just logging that eveything seems fine
console.log("STATUS: User " + email + " authentificated succesfully");
return done(null, user);
})
});
}));
Log with express.logger() enabled was:
127.0.0.1 - - [Fri, 19 Oct 2012 05:49:09 GMT] "GET /ico/favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4"
STATUS: User admin authentificated succesfully
I do suppose that there is nothing wrong with auth/users/credentials/serializing/deserializing itself. The problem is just passport cannot set cookie to Redis and the read it.
I should use
cookie: { secure: false, maxAge:86400000 }
try this out, instead of passing express to const RedisStore pass session.
const redis = require('redis');
const session = require('express-session');
const redisStore = require('connect-redis')(session);
const cookieParser = require('cookie-parser');
const app = require('../app');
app.app.use(cookieParser("secret"));
const rediscli = redis.createClient();
app.app.use(session({
secret: 'secret',
store: new redisStore({
host: '127.0.0.1',
port: 6379,
client: rediscli,
ttl: 260
}),
saveUninitialized: false,
resave: false
}));
What happens when you set the store explicitly? i.e. something along these lines in your app:
var redis = require('redis');
// This is host and port-dependent, obviously
var redisClient= redis.createClient(6379, 'localhost');
app.use(express.session({
secret: 'your secret',
/* set up your cookie how you want */
cookie: { maxAge: ... },
store: new (require('express-sessions'))({
storage: 'redis',
instance: redisClient
})
}));
Related
I searched a lot to fix my problem but nothing works, the req.session is undefined, what am I doing wrong ?
In server.js :
const app = express();
const session = require('express-session');
const redis = require('redis');
const redisClient = redis.createClient();
async function connectRedis() {
try {
const redisStore = require('connect-redis')(session);
await redisClient.connect();
app.use(
session({
name: '_redisPractice',
secret: 'myStackOverflowkey',
saveUninitialized: true,
cookie: { maxAge: 1000 * 60 * 60 * 24, secure: false, httpOnly: true },
resave: false,
store: new redisStore({ host: 'localhost', port: 6379, client: redisClient, ttl: 86400 }),
}),
);
} catch (err) {
console.log(err);
}
}
connectRedis();
app.post('/api/auth/signin', (req, res) => {
console.log('Well.....', req.session);
});
The redis-CLI's monitor doesn't show anything, same for my server.
Thank you in advance
I am trying to add Redis to my website for session management but I get the below error:
UnhandledPromiseRejectionWarning: Error: The client is closed
Below is my code:
I have kept only the relevant redis lines to avoid verbosity.
const express = require('express');
const app = express();
const session = require('express-session');
const redis = require('redis');
const connectRedis = require('connect-redis');
const RedisStore = connectRedis(session)
const redisClient = redis.createClient({
host: 'localhost',
port: 6379
})
redisClient.on('error', function (err) {
console.log('Could not establish a connection with redis. ' + err);
});
redisClient.on('connect', function (err) {
console.log('Connected to redis successfully');
});
app.use(session({
store: new RedisStore({ client: redisClient }),
secret: 'secret$%^134',
resave: false,
saveUninitialized: false,
cookie: {
secure: false, // if true only transmit cookie over https
httpOnly: false, // if true prevent client side JS from reading the cookie
maxAge: 1000 * 60 * 10 // session max age in miliseconds
}
}))
app.use(
session({
name: 'AuthCookie',
secret: 'some secret string!',
resave: false,
saveUninitialized: true
})
);
app.listen(port, () => {
console.log("We've now got a server!");
console.log('Your routes will be running on http://localhost:3000');
});
I read that I should add await client.connect() but I am not sure
In node using express.js, I have a redis-based session set up thusly:
// Redis session
const sessionStore = new RedisStore({
client: getRedisClient(),
prefix: 'bl:',
ttl: parseInt(config.sessionTTL, 10),
logErrors: (err) => {
log.error('Redis session error', {
err_message: err.message,
err_stack: err.stack
});
}
});
app.use(session({
secret: config.sessionSecret,
store: sessionStore,
resave: false,
saveUninitialized: false
}));
The ttl parameter is typically set to 30 minutes, at the end of which the session dies quite nicely.
I now need to advise the user when 5 minutes or less remains of their session but can't find a way of determining when I hit that landmark.
I assumed (rather naively) the amount of time left would be stored in req.session, but when I display that it typically only shows the following:
Session {
cookie: { path: '/', _expires: null, originalMaxAge: null, httpOnly: true },
cookieChoiceConfirmationBannerSeen: 'seen',
accessPage: '/decision/application-reference',
appRef: '12345678'
}
How can I find how much time is left on my session? Should I use maxAge or expiry rather than ttl?
========= EDIT =========
Additial info:
the code for getRedisClient:
const redis = require('ioredis');
const config = require('../config/config');
let client;
const getRedisClient = () => {
if (!client) {
client = redis.createClient({
host: config.redisHost,
port: config.redisPort
});
}
return client;
};
module.exports = {
getRedisClient
};
You should be able to get the ttl of the entry itself by calling your redisClient with the corresponding key, i.e. your defined key-prefix (default sess) and the session-id. Something like this should work:
const prefix = 'bl:';
const redisClient = getRedisClient();
// Redis session
const sessionStore = new RedisStore({
client: redisClient,
prefix: 'bl:',
ttl: parseInt(config.sessionTTL, 10),
logErrors: (err) => {
log.error('Redis session error', {
err_message: err.message,
err_stack: err.stack
});
}
});
app.get('/get-session-ttl', (req, res) => {
redisClient.ttl(`${prefix}${req.session.id}`,((err, reply) => {
console.log("the remaining ttl is "+reply);
res.send("...");
}));
})
I'm trying to use mssql-session-store as nodejs (express) store for session:
https://www.npmjs.com/package/mssql-session-store
This is how it should be configured(from npm page):
app.use(session({
secret: 'keyboard cat',
resave: false,
saveUninitialized: false,
store: new MssqlStore(options) // see options below
}));
var options = {
connection: existingConnection,
ttl: 3600,
reapInterval: 3600,
reapCallback: function() { console.log('expired sessions were removed);
}
};
My problem is with the options.connection. It should be "Optional instance of a Connection from mssql".
This connection establishment is an async process (from the npm page):
const sql = require('mssql')
async () => {
try {
await sql.connect('mssql://username:password#localhost/database')
const result = await sql.query`select * from mytable where id =
${value}`
console.dir(result)
} catch (err) {
// ... error checks
}
}
This is how express session is being defined in the nodejs initialization:
app.use(session({
name:<session name>,
key: <session key id>,
resave:false,
saveUninitialized:false,
secure: process.env.NODE_ENV ==="production",
secret:<secret string>,
store: new MssqlStore(options), //This is optional - for use when using sql server as a store
cookie:{
//httpOnly: true,
secure: process.env.NODE_ENV ==="production",
expires: config.expressSession.cookieLifeTime
}
}));
The problem is that establishment of the connection is an async process. I've tried several versions to both use the express-session in the application, but doing so just after the connection has been set up (async).
See my basic code (initialization of node.js - servre.js file):
const express = require('express');
const app = express();
const sql = require('mssql');
const session = require ('express-session');
const MssqlStore = require ('mssql-session-store')(session);
var sqlStore = null;
var store = null;
var mssqlConfig =
{
user: <user>
password: <password>,
server: <server name>
database: <database>,
options: {
encrypt: true // Use this if you're on Windows Azure
}
}
I've tried setting the session in the app in the connetion promise:
var sqlConnection = null;
async function getConnectedConnectionOptions()
{
try
{
sqlConnection = await sql.connect(<connection string>);
return await Promise.resolve(sqlconnection: sqlConnection);
} catch (err)
{
sqlConnection = null;
}
}
getConnectedConnectionOptions(),then(result =>
app.use(session({
name:<session name>,
key: <session key id>,
resave:false,
saveUninitialized:false,
secure: process.env.NODE_ENV ==="production",
secret:<secret string>,
store: new MssqlStore(result) ,
cookie:{
//httpOnly: true,
secure: process.env.NODE_ENV ==="production",
expires: config.expressSession.cookieLifeTime
}
}));
but then there's a scope problem where session is not defined in the global app.
Please support.
this is inside example folder in the mssql-session-store module
var dbConfig = {
server: "localhost\\sqlexpress",
database: "sessiontest",
user: "sa",
password: "atonan"
};
var start = function(callback) {
callback = callback || function() {};
sql.connect(dbConfig, function(err) {
if (err) return callback(err);
var app = express();
app.use(session({
secret: '991E6B44882C4593A46C0DDFCA23E06A',
resave: false,
saveUninitialized: false,
store: new MssqlStore({ reapInterval: 10, ttl: 10 })
}));
I am developing in node and express. And I am trying to make a remember me login. I am reading a lot of things on the web, but can't make it work. I don't know if there is a receipe, and if there it is, I could't find it.
I was trying with redis and express session. And is working partially.
If a restart node server, or close and reopen chrome. Session is active. So going into "/" will redirect me to "/index.html".
But if I restart the pc, I lost session. So goning into "/" will redirect me to "login"
Here some significant code from my server:
var redisClient = require('redis').createClient();
var RedisStore = require('connect-redis')(express);
app.use(bodyParser());
app.use(cookieParser());
app.use(express.session({
store: new RedisStore({
host: 'localhost',
port: 6379,
db: 0,
cookie: { maxAge: (24*3600*1000*30)}, // 30 Days in ms
client : redisClient
}),
secret: 'seeeecret'
}));
app.get('/', function(req, res, next) {
res.redirect('/index.html');
});
app.post('/login', function(req, res) {
function loginSuccess() {
req.session.regenerate(function() {
req.session.user = req.body.usuario;
res.sendfile('index.html', {root: './static'});
});
}
function loginFailure(errText, errCode) {
console.log("failed to login. "+errCode+": "+errText);
res.redirect('/login');
}
//Imap email login (the user will authenticate with his email, end email's pass)
checkPassword(req.body.usuario, req.body.server, req.body.password, loginSuccess, loginFailure);
});
function restrict(req, res, next) {
if (req.session.user) {
next();
} else {
req.session.error = 'Access denied!';
res.redirect('/login');
}
}
It seems that you have the "cookie" in the wrong place:
app.use(express.session({
cookie: { maxAge: (24*3600*1000*30)}, // <-- where it belongs
store: new RedisStore({
host: 'localhost',
port: 6379,
db: 0,
client : redisClient
}),
secret: 'seeeecret'
}));