Reputation: 1532
How to avoid sessions until logged in within Express
I cannot seem to figure a way to prevent Express/Connect from creating sessions until I have a valid log in from the user.
The problem especially arises when using a DB-Backed Session Storage and calling the REST Services from non-browsers as in such cases, the Connect Session Object will create a new Session for each request which I do of course want to prevent.
However, I do need sessions whenever the user is authenticated as I am using Passport.js for authentication which requires sessions as well as I do require it to load session data from sent cookie information.
Looking at the source of the Connect Session Code, it seems it is always creating a new Session if none got sent from client without any option to prevent it?
Upvotes: 2
Views: 229
Answers (1)
Reputation: 3064
If you can easily identify calls to your API at query time you could do something like this:
app.use(function(req, res, next){
if ( req.path.indexOf("/api") == 0 ) return next();
else return express.session()( req, res, next );
});
This way the session middleware is only included if the request URL doesn't match some condition. I haven't tried this in anger though, so you might want to consider initialising express.session() outside the function, and make sure there aren't any other repercussions.
Upvotes: 1
Related Questions
- Node.JS session without cookies
- NodeJS Session Management in Main
- Node.js Express disable automatic session creation
- In Express.js, how do I generate server-side sessions for logged in users only?mo
- Node.js session login
- Disable session in Express app config
- How to avoid creating a session on a particular Express route?
- Express JS Keep Session Alive On restart
- maintain user login status in express.js
- How to manage session in Node.js