Request: a getSession method?

Open j3gb3rt opened this issue 9 years ago • 8 comments

I'm working with an application that has other means of communication that do not go through the middleware. I have managed to do a hack job of unsigning cookies on the outside requests, but it would be nice to have a method as part of the middleware to take either a cookie string or a request object and return the session data.

Hope you'll consider the request

j3gb3rt avatar Jun 14 '16 17:06 j3gb3rt

Use the .get method on the store you are using. That's what this module does internally.

dougwilson avatar Jun 14 '16 17:06 dougwilson

Right. That's what I had to do after a bunch of cookie parsing. The store's get method takes an Id and in order to get the id, I had to parse then unsign the cookie. I was hoping for a convenience method that would not require me to save my private key that I pass to express-session so that my call to unsign can use it.

j3gb3rt avatar Jun 14 '16 18:06 j3gb3rt
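The parse, unsign and store lookup steps described in the comment above, as an added example that is not code from this thread or from express-session. It assumes the signed-cookie format express-session writes (URL-encoded `s:` + session ID + `.` + unpadded base64 HMAC-SHA256 of the ID); the function names, the secret and the Map-backed store are constructed for illustration.

```javascript
const crypto = require('crypto')

// Same output format as cookie-signature: value + '.' + base64 HMAC-SHA256, '=' padding stripped.
function sign(value, secret) {
  const mac = crypto.createHmac('sha256', secret).update(value).digest('base64').replace(/=+$/, '')
  return value + '.' + mac
}

// Returns the session ID if the named cookie is present and its signature verifies, else null.
function sessionIdFromCookieHeader(header, name, secrets) {
  for (const pair of String(header || '').split(';')) {
    const eq = pair.indexOf('=')
    if (eq < 0 || pair.slice(0, eq).trim() !== name) continue
    let raw
    try { raw = decodeURIComponent(pair.slice(eq + 1).trim()) } catch (e) { return null }
    if (!raw.startsWith('s:')) return null // an unsigned value is never trusted as a session ID
    const signed = raw.slice(2)
    const sid = signed.slice(0, signed.lastIndexOf('.'))
    for (const secret of secrets) { // several secrets allow rotation, oldest last
      const expected = Buffer.from(sign(sid, secret))
      const actual = Buffer.from(signed)
      // Constant-time comparison so the check does not leak how many bytes matched.
      if (expected.length === actual.length && crypto.timingSafeEqual(expected, actual)) return sid
    }
    return null
  }
  return null
}

// Looks the session up in the store; callback receives (err, session), undefined if rejected.
function getSession(store, header, name, secrets, callback) {
  const sid = sessionIdFromCookieHeader(header, name, secrets)
  if (sid === null) return callback(null, undefined)
  store.get(sid, callback)
}

// Constructed sample data: demo secret, one session, and a stand-in for a real store.
const SECRET = 'constructed-demo-secret'
const demoStore = {
  sessions: new Map([['abc123', { user: 'alice' }]]),
  get(sid, cb) { cb(null, this.sessions.get(sid)) }
}
const goodHeader = 'theme=dark; connect.sid=' + encodeURIComponent('s:' + sign('abc123', SECRET))
const forgedHeader = 'connect.sid=' + encodeURIComponent('s:abc123.AAAA')

getSession(demoStore, goodHeader, 'connect.sid', [SECRET], (err, s) => console.log('valid:', s))
getSession(demoStore, forgedHeader, 'connect.sid', [SECRET], (err, s) => console.log('forged:', s))
```

The lookup still needs the same secret that was passed to express-session, so load it from one place (for example the environment) rather than copying it into the second code path.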

Oops, sorry, @j3gb3rt, I misunderstood your request!

dougwilson avatar Jun 15 '16 23:06 dougwilson

👍

Can you just export the store object that is created so that we could access it from session.store and allow the ability to use all the methods associated with the store?

tigerclaw-az avatar Aug 01 '17 19:08 tigerclaw-az

Is this issue still open? @dougwilson

holybubbles avatar Mar 29 '19 01:03 holybubbles

@ejwaibel - I need your feature request added now! I've made a workaround, but it looks ugly as sin!

  var express_session = require('express-session'),
    redis_store = new (require('connect-redis')(express_session))()
  app.set('redis_store', redis_store)
  app.session = express_session({
    store: redis_store,
    secret: process.env.session_secret,
    name: process.env.session_name,
    rolling: true,
    saveUninitialized: true,
    unset: 'destroy',
    resave: true,
    proxy: true,
    logErrors: false,
    cookie: {
      path: '/',
      domain: '.' + process.env.app_domain,
      httpOnly: true,
      secure: process.env.protocol === 'https',
      maxAge: (60 * 60 * 1000) // 60 mins
    }
  })
  app.use(app.session)

I am having to set app.set('redis_store', redis_store) as shown above

app.get('redis_store').destroy()

When all I should have to do is this...

app.session.store.destroy()

knoxcard avatar May 06 '19 21:05 knoxcard

Check out this solution! I am rolling with this...I am an animal!! lol

  var express_session = require('express-session')
  app.set('redis_store', new (require('connect-redis')(express_session))())
  app.set('session_vars', {
    store: app.get('redis_store'),
    secret: process.env.session_secret,
    name: process.env.session_name,
    rolling: true,
    saveUninitialized: true,
    unset: 'destroy',
    resave: true,
    proxy: true,
    logErrors: false,
    cookie: {
      path: '/',
      domain: '.' + process.env.app_domain,
      httpOnly: true,
      secure: process.env.protocol === 'https',
      maxAge: (60 * 60 * 1000) // 60 mins
    }
  })
  var session = express_session(app.get('session_vars'))
  app.use(session)
  app.set('session', session)
  app.use(require('./middleware')(app))
  loadControllers()

Now we can access redis_store anywhere in our app.

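app.post('/logout', (req, res) => {
   // store.destroy(sid, callback) needs the ID of the session to remove
   app.get('redis_store').destroy(req.sessionID, () => {
       console.log('You ANIMAL!')
       res.end() // finish the request so the client is not left waiting
   })
})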

Easily access express_session parameters...

console.log(app.get('session_vars').rolling)
// return true

console.log(app.get('session_vars').saveUninitialized)
// return true

console.log(app.get('session_vars').cookie)
// return {
//   path: '/',
//   domain: '.mydomain.io',
//   httpOnly: true,
//   secure: true,
//   maxAge: 3600000
// }

@dougwilson - Thoughts on this implementation? Any drawbacks? Can we possibly nuke a few lines of code?

@j3gb3rt - your thoughts? I know this doesn't really answer your original post. That cookie decrypt code that you wrote, you should create a pull request and share. It could be of great benefit to many others.

knoxcard avatar May 07 '19 03:05 knoxcard

No need to do some complicated things! You can just create a middleware like this:

index.js

app.use(require('./middlewares/sessions.js'));

middlewares/sessions.js

module.exports = (req, res, next) => {
    if (!req.app.sessions) req.app.sessions = {};
    req.app.sessions[req.session.id] = req.session;
    next();
}

You can now log all your sessions by doing app.sessions[sessionid]!

justekoro avatar Feb 18 '21 15:02 justekoro