Võ Huy Hưng

Reputation: 93

Using expressjs/nodejs to store the logged-in session in redis

I'm using express/nodejs to store the logged-in session in redis with the code:

app.use(express.session({
    key: 'myappname.sid',
    secret: "Some Secret!!!",
    store : new RedisStore({
        host : '127.0.0.1',
        port : 6379,
    }),
    cookie : {
        maxAge : 604800 // one week
    }
}));

I check logged in status by:

function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) { return next(); }
  res.redirect('/login');
}

When I log in successfully, I see the session in both the Chrome cookie and redis. But if I remove only one of them, the Chrome cookie or the redis session, the app is no longer logged in. Why does the authentication status depend on both the Chrome cookie and redis?

Second question: I added a domain like this

cookie : {
    domain : "localhost", // or ".localhost"
    maxAge : 604800 // one week
}

but when I log in successfully, no session is stored in the Chrome cookie. Why is this?

Upvotes: 0

Views: 308

Answers (2)

Võ Huy Hưng

Reputation: 93

Answer for question 1: with localhost, we need two dots with a subdomain, like sub1.app.localhost. See: How do I make my sessions last cross-subdomain in Node.js Express?

Upvotes: 0

Mukesh Soni

Reputation: 6668

For your second question, maxAge for cookie takes time in milliseconds. Your cookie would expire in 604 seconds.

For the first one, that is the correct way web security should work.

Upvotes: 1
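
Added example, not part of either answer and not express-session's own code: a simplified model of a cookie-plus-store session, showing why login state needs both the signed cookie and the store entry, and what a `maxAge` of 604800 means in milliseconds. The secret, the in-memory `Map` standing in for Redis, and all function names are constructed for illustration.

```javascript
// Simplified model of a cookie + server-side store session (constructed example).
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret';      // placeholder, not a real secret
const ONE_WEEK_MS = 7 * 24 * 60 * 60 * 1000;   // maxAge is given in milliseconds
const store = new Map();                       // stands in for Redis: sid -> session

// The cookie carries only the session id plus an HMAC over it.
function sign(sid) {
  const mac = crypto.createHmac('sha256', SECRET).update(sid).digest('base64url');
  return `${sid}.${mac}`;
}

// Returns the session id if the signature verifies, otherwise null.
function unsign(cookieValue) {
  if (typeof cookieValue !== 'string') return null;
  const i = cookieValue.lastIndexOf('.');
  if (i < 1) return null;
  const sid = cookieValue.slice(0, i);
  const expected = Buffer.from(sign(sid));
  const given = Buffer.from(cookieValue);
  const ok = expected.length === given.length && crypto.timingSafeEqual(expected, given);
  return ok ? sid : null;
}

// Creates the server-side record and returns the value the browser stores.
function login(user, now = Date.now(), maxAge = ONE_WEEK_MS) {
  const sid = crypto.randomBytes(24).toString('base64url');
  store.set(sid, { user, expires: now + maxAge });
  return sign(sid);
}

function isAuthenticated(cookieValue, now = Date.now()) {
  const sid = unsign(cookieValue);   // cookie missing or forged: no identity presented
  if (!sid) return false;
  const session = store.get(sid);    // store entry missing: nothing to vouch for the id
  if (!session) return false;
  if (session.expires <= now) { store.delete(sid); return false; }
  return true;
}
```

The model tracks a single expiry in the store for brevity; in a browser the cookie itself also expires after `maxAge`.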
