CODEWITHSUNDEEP
node.jssessioncookiesexpresspassport.js
Matti Lehtinen
Matti Lehtinen

Reputation: 1764

Using cookieSession with Passport

I want to use cookie session store with Passport because memory store is not designed for production:

Warning: connection.session() MemoryStore is not
designed for a production environment, as it will leak
memory, and will not scale past a single process.

Here's my Express initialization:

app.use(express.bodyParser({keepExtensions:true}));
app.use(express.cookieParser(cookieSecret));
app.use(express.cookieSession({ 
    key: cookieKey,
    secret: cookieSecret,
    maxAge: sessionTimeout
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(express.methodOverride());
app.use(express.static(__dirname + '/public'));

Everything works normally if I change express.cookieSession to express.session. When using cookieSession user login succeeds but the user is not logged in anymore after next page load occurs. Any tips how to make passport work with cookie sessions?

I'm using Express 3.0.0

Upvotes: 2

Views: 12080

Answers (2)

Snidely Whiplash
Snidely Whiplash

Reputation: 103

I know this is old, but I had the same issue. Turns out you don't need to (in fact you can't) set the secret option in both cookieParser and cookieSession.

See my answer on my own post: https://stackoverflow.com/a/30109922/3500059

Upvotes: 1

robertklep
robertklep

Reputation: 203296

The initialization of cookieSession isn't correct. Try this:

app.use(express.cookieSession({ 
  key    : cookieKey,
  secret : cookieSecret,
  cookie : {
    maxAge: sessionTimeout
  }
}));

Also, make sure that sessionTimeout is in milliseconds.

Upvotes: 1

Related Questions