I can't setup redis server because i'm on windows.
How can I store the sessions on disk so they will persist through node restarts?
Also, do I have to restart node everytime I modify a JS file for the changes to go through?
Btw, I'm already using express for node. Express uses the memorystore which means that sessions reset everytime node restarts.
There are multiple solutions:
https://github.com/antirez/redis/issues/238 < actually Redis got a patch so it can be built on Windows, may not be perfect but works
Make an account on https://redistogo.com/ , they provide a free database of 5Mb (which is ok if you just want to test out some things)
You can use something like connect-cookie-session, so that you store the session into the cookie (this is ok if you are just developing stuff and need to have durable sessions, and then use Redis into production)
Also, do I have to restart node everytime I modify a JS file for the changes to go through?
There are dedicated modules for that, one of the most popular being node-supervisor. Read the docs on their official page, it's really easy to use.
How can I store the sessions on disk so they will persist through node
restarts?
To be honest I have only used redis as my session-store, but you could also try to use(also found using http://search.npmjs.org:
mongodb as your session store.
supermarket-cart which I believe uses supermarket under the covers.
connect-fs: https://www.npmjs.com/search?q=connect-fs
connect-mysql-session: A MySQL session store for node.js connect.
connect-cookie-session: Connect middleware to allow you to store your sessions directly in the client's cookie.
Also, do I have to restart node everytime I modify a JS file for the
changes to go through?
Will answer this later!
You can use a cloud-based redis like http://redis4you.com/
Related
I can perform other operations on dashbord even server restart without reload the webpage
I am guessing you are not using any kind of persistence storage for your sessions. In that case the sessions are stored in memory of the express app. Hence a restart would drop all the sessions. You either need a cache like Redis or even postgres to persist your sessions.
We are running a node.js app with express 4.6.1 cookie parser 1.3.2 connect-flash 0.1.1 and express session 1.7.0.
We use flash to display messages on pages after redirects and sometimes store data in the req.session to auto fill forms when the user makes a mistake and needs to reenter. Recently we started using pm2 in cluster mode and most things seem to work fine but we noticed that we lose our flash data and data stored in req.session after a redirect.
Here is an example:
req.flash("signup", errorString);
req.session.storedData = {};
req.session.storedData.username = "";
req.session.storedData.password = req.body.password;
req.session.storedData.email = req.body.email;
req.session.storedData.emailConfirm = req.body.emailConfirm;
res.redirect(problemRedirectPath);
This comes from an endpoint that accepts a request after the users tries to signup but has an error of some kind. If we run this in without cluster mode the session data and the flash both show up properly but if we run this in cluster mode, they are both almost always lost (be not always :/)
Is there a better way to do this in cluster mode?
Unless you use Redis, Memcache, some other process to store session data you will not be able to use more than one Node process to handle requests. Right now your app is only using express-session to store session data, which by default only stores session data in memory.
https://github.com/expressjs/session#sessionoptions
See the warning section in the above link.
When you run an application with the cluster module it will fork a different process for each application instance. These processes cannot directly share memory without some work on your part to do so, which means when requests are round-robin distributed to the application instances any requests that do not end up at the same process will not be able to associate their cookie with the server-side session store.
I'd recommend changing your session store to something more production-ready such as Redis or Memcache. If you use Redis you may want to look at using connect-redis.
I had the same issue. After switching from using memory for Express session to memcached, everything works fine with pm2 cluster mode.
https://github.com/balor/connect-memcached
It's always recommended that applications should never store state in memory. By using a tool/solution like pm2, which is a load balancer/process manager that will distribute requests through all instances based on an algorithm, one process will not contains the same state stored in memory that the others processes have. The solution is: Use an external storage, shared and accessible for all instances, like mongo/redis/sql/etc. This way all processes will read state from the same source (not memory, but a database), solving the problem.
I want to make persistent sessions on server i am using node.js with express and for that first i read about connect-redis enter link description here and connect-mongo enter link description here i read that redis is faster then mongo that's why i decided to use it but now i also find a module named memcached enter link description here i dont know which will be better for my project, also in mamcache is data stored in memory or where because if it is memory then it must be fastest.
If you have already setup Redis then I would stick with it as it is very fast and easy to manage. MemCached and Redis are very similar when used for caching however the key difference is that Redis can be set to persist to disk in the background meaning that if the server goes down the data in memory can be reloaded.
Personally, I would not use MongoDb for session persistence for speed reasons however if I was using MemCached I'd possibly use it as a backup for the sessions. e.g. Write session data to MemCached and Mongo but only read from MemCached and use Mongo to restore is an error occurs.
Bottom line, I think your choice to use Redis is the best one for what you've described
Is there a way to switch session stores on the fly with express?
Currently depending on default config my express app is using either redis or mongo to store sessions.
So my question: is there a way to switch session from using redis to mongo on the fly? In case if redis goes down.
I tried calling app.use(express_session({....})) again but it doest work. I think there must me some hook that will allow me to delete current session store and create|add new one. Not sure where though.
I don't think there's a way to "un-use" a mounted middleware after the app has started, but what you could do is write your own session store (a pretty simple api to follow) that handles switching between the two (or more) stores.
I've been doing a lot of research lately and it appears to me that going stateless serverside brings benefits to both performance & scalability.
I am although trying to figure out how to achieve session-less-ness on Node.JS. It seems to me that basically all I have to do is assign a token to a logged in user, so I would have something like this in my DB:
{ user:'foo#example.com', pass:'123456', token:'long_id_here' }
so that the token can be send with every HTTP request like this:
/set/:key/:val/:token
to be checked against aforementioned DB object. Is this what it is actually meant to be a session-less web service?
If this is the right way, then I do not understand things like token expiry, and other security issues. I would like to be pointed out to NPM package of some sort?
On a side note, is it best for a token, to use a hash of the user+password, or to assign a different one at every login?
The reason to go sessionless is that most default session implementations use an in-memory store. That means that the session information is stored in memory local to that instance. Most websites these days are scaling out as traffic increases. This means they add more servers and balance the load between the servers. The problem with in-memory session stores is your user can log into Server 1, but if their next request is routed to Server 2, they don't have a session created yet and will appear to be logged off.
You don't necessarily need to go sessionless to scale out with node or any other server side language. You just need to use a session that isn't in local memory that would be accessible to all nodes. If you're using something like Express or Connect, you can easily use a session implementation like connect-redis which will enable you to have a fast session store which is accessible to all of your node instances so it doesn't matter which one is hit.