quorrajs / nodesession Goto Github PK
View Code? Open in Web Editor NEWSession handling for NodeJS
License: MIT License
Session handling for NodeJS
License: MIT License
I am interested in using NodeSession with following configuration:
iisnode version is 0.2.21,
node version is v10.7.0,
express version 4.16.3
My code is as follows:
// express
var express = require('express');
var app = express();
// path
var path = require('path');
// session management
var NodeSession = require('node-session');
session = new NodeSession({secret: 'mysecretkeygoeshere'});
session.startSession(req, res, callback);
I am not sure where I should put the line 'session.startSession(req, res, callback)', it throws error showing "'req' is undefined".
Using encrypt: true on an http server in node js and getting the error in the title
let session = new NodeSession({ secret: 'secret', lifetime: 60 * 1000, encrypt: true });
Hi,
I just installed your package and saw 5 low security vulnerabilities due to lodash version.
>npm audit
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of node-session
Path node-session > lodash
More info https://nodesecurity.io/advisories/577
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of node-session
Path node-session > waterline > switchback > lodash
More info https://nodesecurity.io/advisories/577
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of node-session
Path node-session > waterline > waterline-schema > lodash
More info https://nodesecurity.io/advisories/577
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of node-session
Path node-session > waterline > lodash
More info https://nodesecurity.io/advisories/577
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of node-session
Path node-session > waterline > waterline-criteria > lodash
More info https://nodesecurity.io/advisories/577
found 5 low severity vulnerabilities in 563 scanned packages
Even though they are low risk, I want to use your package in a productive environment. Would you mind to upgrade your packages to use lodash >= 4.17.5.
If I find time, I can do the upgrade as well, if you like.
I am trying to wrap my head around how to use this library and can't. I believe I am missing some common knowledge, so it is my fault, but throwing in a couple of links to give direction would probably help others like me. I don't even know what to look. Specifically I am stuck trying to understand how to re-attach the session to the request when it comes the second time.
Init:
var NodeSession = require('node-session');
session = new NodeSession({secret: 'Q3UBzdH9GEfiRCTKbi5MTPyChpzXLsTD'});
On new request:
var callback = function(error, data){/.../};
session.startSession(req, res, callback);
Issue:
NodeSession expects a folder named "sessions" to exist, and understandably will fail if that isn't the case. The problem is that it crashes Node instead of calling the callback with an error object. The real issue here is it probably will also crashes if some other types of errors occur during startSession.
I've set cookie for wildcard domain from client side, with cookie name my-test
and offcourse without secret key
. Using this package,can I get value or details of cookie with name my-test
?
I tried to make node-session work along with express:
var express = require('express')
var NodeSession = require('node-session');
var session = new NodeSession({secret: 'Q3UBzdH9GEfiRCTKbi5MTPyChpzXLsTD'});
var app = express()
app.use(function (req, res, next) {
session.startSession(req, res, function() {})
// count the views
req.session.put('views', (req.session.get('views') || 0) + 1)
next()
})
app.get('/', function (req, res, next) {
res.send('you viewed this page ' + req.session.get('views') + ' times')
})
app.listen(3000, () => console.log('Example app listening on port 3000!'))
But data from session is not loaded and very time I see "you viewed this page 1 times".
Could you tell what is wrong or is it issue?
Session variable goes missing. Cookie still valid. Session still valid. I'm using the file session storage. Looking at the session file, before and after missing, and the only thing different is the session variable is gone. I've copied the session file when the session variable is present and then restored the file after the session variable disappears and we're back up and running.
I can GET and POST any number of times, usually many times, sometimes only a few times, and the session variable remains, then the next round trip to the server and the session variable is gone immediately upon startSession
.
I've noticed in the session file flash: { old: [], new: [] }
is present with the session variable, but goes missing along with the session variable.
Looking at the server logs: on the last pass before it goes missing I can track the presence of the session variable all the way through the server processing, still there at the end of the procedure. Then on the next pass, immediately after startSession
the session variable (and flash: { old: [], new: [] }
) is gone.
Using this type of setup:
https://github.com/quorrajs/NodeSession/blob/master/examples/nodehttps.js
Setting the session variable, at login: req.session.put('usertoken', usercredentialsobj.usertoken)
.
Authenticating: if ( true === req.session.has('usertoken') ) {
. Here is where I get directed to the login screen when the session variable is missing.
If token exists, then comparing token to database: db.usertokenvalid({usertoken:req.session.get('usertoken')}, function (err, usertokenobj) {
.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.