I've got a simple web-page created in node/express which has a simple login system. The way i'm testing if a user has logged in, is basically a check to see if req.session.user exist, which is created at login, and the session is destroyed on logout.
This works great as long as the client connects to http://localhost:8000, however, if i connect to http://10.0.1.6:8000 a new session object is created on every request, which means i can never check if the user actually has logged in.
Why is this? I need to connect to http://10.0.1.6:8000 as I'm testing my client from android (where localhost is the android device, not my server/computer).
Silly me, gotta stop programming when tired. I was running the index.html file locally, instead of from the server (cross-domain cookies? i laugh in your face!)
You can try to set up a session with your app.
var app = express.createServer();
app.use(express.cookieParser(...));
app.use(express.session(...));
According to the docs you also have to use cookieParser() before you set up your session.
http://expressjs.com/guide.html
http://www.senchalabs.org/connect/middleware-session.html
Related
I am kind of new to Express and Node (I come from the front-end development world), so this might be a really stupid question.
Currently, I work on an Express JS app that uses express-session, sessionstore + memcache and cookie-parser for managing sessions.
I have a particular use case wherein I have one session variable (age) that is passed on to every view through a middleware that someone in the team who created the app had written:
response.locals.age = request.session.age
The request.session.age is populated from a UserAccount model that is fetched during login.
Now, this middleware is called before the the request reaches the controller, so by the time I get this in my view, the response.locals.age has already been set, which is displayed in the template as is.
My question is this: The age variable can be reset separately through an Admin interface. But because the session is set only upon login, the change doesn't reflect until I logout and login again. I do get the new age value by fetching the UserAccount model again, but I don't know how to refresh the session with the new value without having to logout and login again. I tried doing this:
req.session.age = res.locals.age = < UserAccountResponse >.age;
But this doesn't seem to work. What is the ideal way to 'force refresh' the session in this scenario in Express along with the mentioned middlewares? Thanks in advance!
I'm new to sail's and node, I'm trying to create/maintain a session without user login. The user sends request to server and i'm trying to store the session by req.session.uid="some uniqueid", and when again the same user tries for another request i'm unable to get the session. For every request a new session id is coming(session is not persisting).
please help by posting the code or by referring to already existing code.
You should call req.session.save(); at the end to persist the data.
I'm having some troubles getting to a route I got. The route works on http://localhost:3000/me and shows info but on http://localhost:3000/!#/me it doenst show anything. The purpose of said route is to show the logged persons' profile.
On my server routes I got:
app.get('/me', users.me);
The users.me function is as follows:
exports.me = function(req, res) {
res.jsonp(req.user);
};
The console states it expected a object and got an array, I can understand that since I'm getting a json, but how can I send the own user back to the front-end so it shows his/her profile?
Edit: I managed to solve my problem, since I use passportjs I can get the user id from the session. Since I already had a route for a user by id, I simply had to redirect to said route. Like this: req.redirect('users/'+ req.session.passport.user);. Since I already had a /users/:userId route working it completely solved my issue.
Edit2: Apparently there are several ways to get the user id. Try to console.log the request and you will see what I mean :)
/me and /!#/me are not the same route . The later won't match get('
/me',..)
the hash fragment #/me will not send to the server, you cannot capture that by server side routers(without force the page refresh by client code). But you can manage that by client-code.
Am looking for some information on how to create a node.js login system, I have came across a lot of examples using express.
But am looking for some direction on how to do this without using express.
The main reason behind this is that my login webpages will be hosted on an apache server and my node.js server application will be running on a different server running mongoDB.
Any help in pointing me in the right direction would be great.
Thanks,
Iain
I know you said you didn't want solutions using express. But you may want to checkout Drywall for other inspiration. There are a lot of problems we solved and I'm sure there are some take-a-ways you could use.
Drywall Aqua - A website and user system for Node.js:
https://jedireza.github.io/aqua/
SweetAuth
A lightweight, zero-configuration user authentication module which doesn't depend on a database.
https://www.npmjs.com/package/sweet-auth
It's simple as:
app.get('/private-page', (req, res) => {
if (req.user.isAuthorized) {
// user is logged in! send the requested page
// you can access req.user.email
}
else {
// user not logged in. redirect to login page
}
})
With this, you have the flexibility to point your front end pages in a separate server to a nodejs in another server.
I am building a single-page-application with a passport local authentication.
The user is authenticated and returned within app.post "/login"
After the userobject is returned I save it in Chaplin.mediator.user (like seen in the facebook-example). As long as I don't change the URL manually everything works fine, but when I change the URL and hit enter, the application gets loaded again however with a different route --> no user in the front end.
What I am doing right now is everytime I change the route manually I send a request to the server and ask for the user in req.user. After receiving the user the application continues its workflow. It works but I don't think this is how it's meant to be. If you don't wait for the response you end up having no user object although you are logged in.
How can I solve this problem?
EDIT: I ended up saving the user in a seperate cookie.
This is how I save the user:
$.cookie.json = true;
$.cookie 'user', user.toJSON()
And this is how I extract the user after the page was loaded:
userCookie = $.cookie 'user'
if userCookie?
mediator.user = new Model JSON.parse userCookie
You need the jquery-cookie plugin to make it work. Don't forget to delete the cookie if the user logs out. And of course I am still open to other ideas.
You should store the user (aka the session) locally. When the Backbone application loads, you should then route the user to the correct place if they in fact are already logged in.