Reputation: 286
As far as I have studied so far from Stack Overflow answers regarding making sessions persistent after a server restart.
There are 4 possible ways which I am considering for my MEAN app.
Now my doubt is: if I restart my server, with Mongo and Redis the session will still be there, as they are external data stores. But how do I make my session persistent using JWT and cookie sessions? Where are these session variables stored?
In the case of passport.js, the solution I came across to make sessions persistent is to store session data in connect-mongo/connect-redis.
Is there any other way in passport to make sessions persistent?
Upvotes: 12
Views: 8150
Reputation: 7204
If you store the session in external storage, then after a restart it should be available.
Passport is not responsible for sessions. You set up the session independently from passport in express. Passport is authentication middleware with a strategy to use your session. You set up the express session:
app.use(express.session(sessionOptions)); // sessionOptions: your session configuration object
and after that you init and set up passport to use the session:
app.use(passport.initialize());
app.use(passport.session());
It means that regardless of whether you use passport or not, session configuration will be the same.
There are a few ways to make sessions persistent: most of them store the session in a DB or in the file system (memory storage is appropriate only in a dev env). Please look at this npm search list link.
List of compatible session stores from the official express-session page: https://github.com/expressjs/session#compatible-session-stores
A JWT token, if properly implemented, is stateless. It means that your server does not store any session data; it doesn't know how many sessions are valid. It authorizes a request if it has a valid JWT token.
A JWT token can store some data, like your user id. When your server receives a token, it decodes it and validates it, then you have access to the data from this token. Please read this article for more details:
https://stormpath.com/blog/jwt-the-right-way/
Most important parts (there are more important things, but these are sometimes forgotten):
Always verify the signature before you trust any information in the JWT
and:
Do not contain any sensitive data in a JWT
Please look at this module for maintaining JWT:
https://www.npmjs.com/package/json-web-token
or even for some hybrid solution module (redis session with jwt token):
https://www.npmjs.com/package/jwt-redis-session
Upvotes: 8
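The stateless check described in the answer above, as an added example that is not part of the original answer or of the modules it links. It verifies an HS256 token with Node's built-in crypto, so a restarted process needs only the secret and no session store. The names signToken, verifyToken, SECRET and NOW and the sample claims are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const hmac = (input, secret) => createHmac('sha256', secret).update(input).digest();

function signToken(claims, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const input = `${header}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(hmac(input, secret))}`;
}

// Returns the claims, or null. The payload is not read until the signature has been checked.
function verifyToken(token, secret, nowSeconds) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  const expected = hmac(`${header}.${payload}`, secret);
  const given = Buffer.from(signature, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    // Pin the algorithm: the token must not choose how it is verified.
    if (decode(header).alg !== 'HS256') return null;
    const claims = decode(payload);
    if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) return null;
    return claims;
  } catch {
    return null;
  }
}

// Constructed demo values; a real secret comes from configuration, not from code.
const SECRET = 'constructed-demo-secret';
const NOW = 1700000000;

function demo() {
  const token = signToken({ sub: 'user-42', exp: NOW + 3600 }, SECRET);
  // "Restart": there is no server-side state to lose, only SECRET is needed.
  const afterRestart = verifyToken(token, SECRET, NOW + 60);
  // Payload replaced while the old signature is kept: must be rejected.
  const [h, , s] = token.split('.');
  const forged = `${h}.${b64url(JSON.stringify({ sub: 'admin', exp: NOW + 3600 }))}.${s}`;
  return {
    afterRestart,
    forged: verifyToken(forged, SECRET, NOW + 60),
    expired: verifyToken(token, SECRET, NOW + 7200),
  };
}
console.log(demo());
```

Because nothing is stored server-side, a token cannot be revoked before its `exp` without adding state, which is the gap the hybrid Redis-plus-JWT approach mentioned in the answer fills.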