Clearing sessions in mongodb, expressjs, nodejs - node.js

My configuration:
app.configure(function(){
app.set('views', __dirname + '/views');
app.set('view engine', 'jade');
app.use(express.bodyParser());
app.use(express.cookieParser());
app.use(express.session({
secret: 'MY SECRET',
store: new MongoStore({
db: 'MY SESSION DB',
host: 'localhost',
port:88888
})
}));
app.use(everyauth.middleware());
app.use(express.methodOverride());
app.use(app.router);
});
app.configure('dev', function(){
app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
appPort = config.port; //Setting PORT to 8888 in dev mode.
app.use('/public', express.static(__dirname + '/public'));
});
app.configure('production', function(){
app.use(express.errorHandler());
appPort = config.port;
//Set cache-header-expires to 1 day
var oneDay = 86400000;
//app.use('/public', express.static(__dirname + '/public'));
app.use('/public',express.static(__dirname + '/public', { maxAge: oneDay }));
});
Now, I have a 'logout' link which goes to /logout on my app.
AFAIK, express automatically takes care of clearing sessions on logout. But with my config, I dont think its doing that. For example, A custom variable attached to session
req.session.custom
still holds after logout. However,
req.session.auth
is cleared after logout.
The number of session object in my MongoDb store are only incrementing over time. I am using everyauth as well.
What am I missing or doing wrong?

If you want to fully clear the session for the user on logout you can call req.session.destroy() from your everyauth.everymodule.handleLogout function. Only req.session.auth is cleared when you call req.logout().

why is it creating a new session in mongo store.Is there any way to
prevent it when i am redirected to login again. – loneranger Jun 7 '15 at 5:43
There's a saveUninitialized option to prevent the session to be saved if it does not contain any data.
app.use(session({
secret: 'secret123',
store: new MongoStore({
mongooseConnection: mongoose.connection,
ttl: 60 * 30 // half hour
}),
saveUninitialized: false
}));

Related

Express creating new session for each request

Express-session is creating a new session (new sessionID) for new request. And it happens intermittently, for example sometimes for first 3-4 hits it will work fine and keep using same existing session and on 4th hit it will create a new one, Sometimes it will create new session on first request itself.
Also this Issue comes on my hosted website. It works fine on localhost.
Things that i have already tried and are not working..
Express session is created after static file routes.
Express session secret and cookieParser secret are set to same.
Using app.use(favicon(path.join(__dirname, 'public', 'favicon.ico'))); for favicon.
Setting very high value for max-age field while creating cookie.
Below is my app.js snippet -
var passport = require('passport');
var expressSession = require('express-session');
var app = express();
app.engine('hbs', hbs.express4({
partialsDir: __dirname + '/views/partials'
}));
app.set('view engine', 'hbs');
app.set('views', path.join(__dirname, 'views'));
app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(express.static(path.join(__dirname, 'public')));
var flash = require('connect-flash');
app.use(flash());
var initPassport = require('./passport/init');
initPassport(passport);
//app.use(bodyParser.urlencoded());
app.use(cookieParser('mysecret'));
app.use(expressSession({ secret: 'mysecret', name:'user', cookie: {maxAge: 60000000}}));
app.use(passport.initialize());
app.use(passport.session());
Any kind of help would be greatly appreciated. Thanks.
why don't you use MongoStore to store session data? may be that will solve your problem.
app.use(session({
secret: 'mysecret',
resave: false,
saveUninitialized: false,
expires: new Date(Date.now() + (60 * 60 * 24 * 7 * 1000)),
cookie: { } ,
store: new MongoStore({mongooseConnection: mongoose.connection})
}));
For those landing here for a similar multi session creation, I solved my issue by setting this flag in the session middleware to false. It saves your cookie in DB only when it has been updated with some additional data like an email for example. `
saveUninitialized: false

No DB host/port required for connect-sqlite3 session store?

Hi i'm looking into sqlite3 for my nodejs/expressjs/passport session management.
In redis, it's like this,
app.use(express.session({
store: new RedisStore({
host: 'localhost',
port: 6379,
db: 2,
pass: 'RedisPASS'
}),
secret: '1234567890QWERTY'
}));
but in sqlite3 there's no host/port
https://github.com/rawberg/connect-sqlite3
var session = require('express-session');
var SQLiteStore = require('connect-sqlite3')(session);
app.configure(function() {
app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.cookieParser());
app.use(express.session({
store: new SQLiteStore,
secret: 'your secret',
cookie: { maxAge: 7 * 24 * 60 * 60 * 1000 } // 1 week
}));
app.use(app.router);
app.use(express.static(__dirname + '/public'));
});
How come ?
SQLite like access does not have a server, just a file.
While Redis or mongodb are server based DBs where you connect to a server to connect to the DB.
SQLite needs no host/port because it's serverless.

getting authenticated user info from passportjs and express

I have an express application that uses passport for OAuth. I have it working successfully with Google and Facebook. My problem is that I can get req.user on controller functions where the routes are configured like this:
router.post('/', auth.isAuthenticated(), controller.create);
but when I try to access the user info from a controller function that doesn't require authentication, req.user is undefined even though the user is logged in. What am I doing wrong here?
and here is how express and passport are configured:
module.exports = function(app) {
var env = app.get('env');
app.set('views', config.root + '/server/views');
app.engine('html', require('ejs').renderFile);
app.set('view engine', 'html');
app.use(compression());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
app.use(methodOverride());
app.use(cookieParser());
// Persist sessions with mongoStore
// We need to enable sessions for passport twitter because its an oauth 1.0 strategy
app.use(session({
secret: config.secrets.session,
resave: true,
saveUninitialized: true,
store: new mongoStore({ mongoose_connection: mongoose.connection })
}));
app.use(passport.initialize());
app.use(passport.session());
.
.
.

How to keep session in expressjs to not expire

I have written a simple cms in nodejs using expressjs framework. I used passportjs for authentication using twitter. below is my app.configure:
app.configure(function(){
//views
app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');
//parse request bodies
app.use(express.bodyParser());
app.use(express.methodOverride());
// session support
app.use(express.cookieParser(cfg.cookie_secret));
app.use(express.session({
key : 'whynode',
store : sessionStore,
cookie: {
expires: new Date(Date.now() + 60 * 10000),
maxAge: 60*10000
}
}));
app.use(passport.initialize());
app.use(passport.session());
//pass user data
app.use(function(req, res, next) {
res.locals.req_path = req.path;
res.locals.user = req.user || false;
next();
});
//get routers
app.use(app.router);
//serve asset files
app.use('/assets', express.static(__dirname + '/public'));
});
I used redis for session store. full app.js code can be viewed here full app.js
What I am now experiencing is when I leave app unused for some minutes, session expires and I need to login again. How do we make so that session doesnot timeout for atleast 2-3 hours of inactivity?
Adjust this code:
cookie: {
expires: new Date(Date.now() + 60 * 10000),
maxAge: 60*10000
}
That sets the expiry for your session to 10 minutes. You don't need to use both maxAge or expires, one will suffice (the difference is that expires uses a Date instance and maxAge just means expire X milliseconds from now).
For RedisStore you can set disableTTL to true. Keys will stay in redis until evicted by other means.
var sessionStore = new RedisStore({client: rClinet, disableTTL: true})

express cookie return undefined

I'm trying to set cookie on express.js but it return undefined.
I've searched many web pages and put express.cookieParser() above app.use(app.router)
but it still can't return the right value.
app.js
app.configure(function(){
var RedisStore = require('connect-redis')(express);
app.use(express.logger());
app.set('view options', { layout: false });
app.set('views', __dirname + '/views');
app.set('view engine', 'jade');
app.use(express.bodyParser({uploadDir: './uploads/tmp'}));
app.use(express.methodOverride());
app.use(express.cookieParser());
app.use(express.session({ secret: "william", store: new RedisStore }));
//Initialize Passport! Also use passport.session() middleware, to support
//persistent login sessions (recommended).
app.use(passport.initialize());
app.use(passport.session());
//app.router should be after passportjs
app.use(app.router);
app.use(express.compiler({ src: __dirname + '/public', enable: ['less']}));
app.use(express.static(path.join(__dirname, 'public')));
});
app.get('/', function(req, res) {
res.cookie('cart', 'test', {maxAge: 900000, httpOnly: true})
});
app.get('/test', function(req, res) {
res.send('testcookie: ' + req.cookies.cart);
});
the result:
testcookie: undefined
Cookies are set in HTTP Headers. res.cookie() just sets the header for your HTTP result, but doesn't actually send any HTTP. If your code was syntactically correct and it ran, it would actually just sit and not return anything. I also fixed some syntax bugs in your code in this app.get():
app.get('/', function(req, res) {
res.cookie('cart', 'test', {maxAge: 900000, httpOnly: true});
res.send('Check your cookies. One should be in there now');
});
You need to send something out, or at least call res.end(), after setting the cookie. Otherwise all res.cookie() does is add some headers to a list of headers that will be sent out later.
Set cookie name to value, where which may be a string or object converted to JSON. The path option defaults to "/".
res.cookie('name', 'tobi', { domain: '.example.com', path: '/admin', secure: true });
Here is the Link for more detail
http://expressjs.com/api.html#res.cookie

Resources