Session id parsed from custom HTTP header about session HOT 6 CLOSED

Not sure if I should suggest the pull request for this feature. Is this repository about only cookie-based sessions?

No, that is cookie-sessions. This is a generic session middleware that has to be hooked into a session store. (please don't use memory store, for your own good.)

.. so, you can make a PR if you'd like. :)

from session.

Well, this is a generic one got web requests using Cookies. This has been brought up a few times and the answer is it just don't fit in.

there are some restrictions with fetching them in JavaScript

this module simply hides them from javascript access by default. have you tried the following?

app.use(session({
    secret: 'keyboard cat'
  , cookie: { httpOnly: false } // allow JavaScript access to cookie
}))

from session.

Yes, tried this. But removing httpOnly mark is not enough when using AJAX requests. I still had problems with xhr.getResponseHeader('Set-Cookie'). As I can see, it's restricted by latest XMLHttpRequest Level 1 draft

Returns the header field value from the response of which the field name matches header, unless the field name is Set-Cookie or Set-Cookie2.

from session.

@detonator anything that is in Set-Cookie will automatically become part of document.cookie after the request completes, no?

from session.

@dougwilson nope, document.cookie returns cookies for current domain. Some of my requests are performed via CORS with pre-flight. So the only place where I can fetch session ID is in the AJAX request callback.

from session.

Oh, you didn't mention CORS :) Yes, you cannot access cookies from another domain no matter what (also, this is the reason you cannot read Set-Cookie headers ;) ). Send your PR and I can mull it over. I see you just have a fork, so it should be easy, haha.

from session.