I am giving a look at the node.js web framework Locomotive. Since it is built on top of Express, I suppose Connect middleware should be easily accessible, but I can't find out how.
I added 2 lines to config/environments/all.js:
this.use(express.cookieParser());
this.use(express.session({ secret: 'keyboard cat'}));
Where is the session object now?
I found out by myself. It was quite easy:
var express = require('express');
var sess = express.session;
Related
It is unclear what are the correct configuration parameters to use are in the situation of using Redis Cloud and Heroku, and can't find a functioning example online.
Here is my current code:
const express = require('express')
const session = require('express-session')
const RedisStore = require('connect-redis')(session);
...
const server = express()
server.use(bodyParser.json())
server.use(bodyParser.urlencoded({ extended: false }))
server.use(cookieParser())
server.use(session({
secret: token_secret,
// create new redis store.
store: new RedisStore({ url: 'redis://rediscloud:...#...redislabs.com:11111'}),
resave: true,
saveUninitialized: true
}));
Should I have resave and saveUnitialized set to true or false in the case of Redis Cloud and Heroku as the session store (using express-session)?
Additionally, does the cookieParser affect the session and need to be there? Or is that separate and only to parse the cookie that is coming from the client, and unrelated to the server-side session storage with Redis? Also, should the cookie parser have a secret passed into the function?
And finally, should bodyParser come before or after the server.use(session), and should urlencoded extended be set to true or false?
Let's go by parts, as Jack the Ripper said...
It is unclear what are the correct configuration parameters to use are
in the situation of using Redis Cloud and Heroku, and can't find a
functioning example online.
RedisCloud on Heroku (Node Express Example) # GitHub
Should I have resave and saveUnitialized set to true or false in the
case of Redis Cloud and Heroku as the session store (using
express-session)?
app.use(expressSession({resave: false, saveUninitialized: false})) reduces the number of times the session store will be accessed. This benefits hardware resources and performance (Normally is better to set them to false).
Additionally, does the cookieParser affect the session and need to be
there?
Not anymore : express-session middleware, used to require cookie-parser, (but the current version of express-session reads/writes cookies directly).
And finally, should bodyParser come before or after the
server.use(session)
The body-parser middleware parses the bodies of incoming HTTP requests. Populating the req.body property which is then available in your routes and middlewares. So the order doesn't influence the behaviour.
and should urlencoded extended be set to true or
false?
The parsers you will need depend on the request types your server has to deal with.
The difference regarding extended: false and extended: true is already explained in this answer.
I am developing a website heavily embedded with user authentication (using passport). I also have nodemon reloading the server after each server change. However it is quite tedious to have to log in as a user each time to test a new change. Is there a way to avoid having to constantly log in as a user to test every single new server change? I can not find any npm modules that fake a persistent user or solve the problem. Thanks!
The Answer - If you are in a similar situation use this code.
Came back with a solution that works, so for anyone who sees this post in the future. This is how you get simple persistent user authentication. With passport. This assumes you have strategies in place already, and as just tring to make the users stay after server restarts.
var bodyParser = require('body-parser')
var mongoose = require('mongoose');
var session = require('express-session');
var cookieParser = require('cookie-parser');
const MongoStore = require('connect-mongo')(session);
app.use(session({
resave: true,
saveUninitialized: true,
secret: 'add-secret',
store: new MongoStore({
url: process.env.MONGODB_URI || "mongodb://localhost/add-url",
autoReconnect: true,
clear_interval: 3600
})
}));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
Yup - it sounds like that's EXACTLY what you want: a "mock authentication" module (for testing purposes only).
Here are two possibilities; you might also consider writing your own:
passport-stub
passport-mocked
I'm developing a node.js app and I use nodemon to run it. My question is how I do to keep the session open when I make a change in the server, and nodemon reboot.
This answer assumes that you're using Express or Koa, two of the more popular node.js web frameworks.
In your application, you probably have a line that says the following.
Express 4
var app = require( 'express' )()
var session = require( 'express-session' )
app.use( session() ) // this is the session middleware
KoaJS
var app = require( 'koa' )()
var session = require( 'koa-session' )
app.use( session() ) // this is the session middleware
The guiding wisdom in web applications is to make the world-facing side of it as stateless as possible. This means that your node.js server holds no information between requests and can be destroyed and restarted anytime.
A session is a very stateful thing. Because of this, you need to store session data in something designed to keep the data uncorrupted in the long run. This is most commonly done through a database (more secure) or a browser cookie (less secure).
The express-session module holds session information in memory by default. This violates the stateless ideals and will lose session information on reboot.
The koa-session module uses cookies by default. This is stateless, but raises some security concerns in that it may be possible for users to modify their own session variables, so don't use this for billing or other sensitive operations.
In both of the above modules, you can override the defaults with your own session store.
Redis Session Store
I normally store session data in a database like redis.
Express
This can be easily wired into express with a module like connect-redis.
Quoting from the Readme:
var session = require('express-session');
var RedisStore = require('connect-redis')(session);
app.use(session({
store: new RedisStore(options),
secret: 'keyboard cat'
}));
KoaJS
Using redis to store session data is also possible in koa with the koa-redis module.
Paraphrasing from the Readme:
var app require('koa')();
var session = require('koa-generic-session');
var redisStore = require('koa-redis');
app.keys = ['keys', 'keykeys'];
app.use(session({
store: redisStore()
}));
app.use(function *() {
this.session.name = 'koa-redis';
});
No Databases Session Store
Express
Express can store session data in cookies with the cookie-session extension.
Koa
As mentioned before, the koa-session module stores sessions in cookies by default.
I've been looking for authentication in nodeJs. I've looked at PassportJs and Everyauth. Both of them had old documentation and old version of express used. Things that depreciated in express 4+.
app.use(express.cookieParser());
app.use(express.bodyParser());
I had a look at this question, which had nice answers. But had no success implementing them on PassportJs or Everyauth. So does anyone know an method to implement this ? or can anyone give me an authentication tutorial for express 4+ nodeJs authentication ?
Should work like this:
var bodyParser = require('body-parser'),
cookieParser = require('cookie-parser'),
express = require('express'),
session = require('express-session'),
passport = require('passport');
var app = express();
app.use(cookieParser());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
app.use(session({
secret: 'secrit cat',
resave: true,
saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());
Scotch.io has updated its tutorial series "Easy node authentication" :
These are the changes regarding passport :
• Easy node authentication with ExpressJS 4.0
I am looking to implement cookiestore in my Express app, I followed this question
Best Session Storage Middleware for Express + MongoDB
and
https://github.com/kcbanner/connect-mongo
for my Express 3.x project, but for Express 4, connect middleware is deprecated.
Which is the suitable alternative for connect-mongo?
Middleware has been extracted out of the core and moved individual modules. This changes how you set up the app but you have the option to use the same middleware as before. The overview explaining how to migrate from 3.x to 4.x lists the modules that can be used as replacements for the Connect middleware.
The syntax will be slightly different as you explicitly install the modules, such as express-session, and the app.use statements are modified to reflect this. The options you pass to these modules, however, are the same as it was with the Connect middleware...so you can pass your connect-mongo details to express-session and keep rolling along.
So you don't have to change unless there's another problem that isn't clear in your original question...and there could be other problems if you have a large, established app. But if you are following a tutorial, you should be early enough in the process that this won't be a major issue.
Edit: It looks like there's also been discussion about Express 4 on the connect-mongo github page. There are more examples there about how to use this module with the new version of Express...
Edit 2: The code, referenced a few times on the github page, looks like this:
var session = require('express-session');
var MongoStore = require('connect-mongo')(session);
app.use(session({
secret: 'youshouldputyourownsecrethere',
store: new MongoStore({
db : mongoose.connection.db,
})
}));