
I am using iodocs from Mashery to be the developer front end to my REST API. My API is written with Node / Express, and uses PassportJS to authenticate the user (local strategy). My implementation requires the user to use the /login endpoint, passing in username and password. Then, Passport serializes the user in a cookie, so that subsequent requests do not need to log in.

When using iodocs, the cookie that Passport sets ("connect.sid") is not passed back in subsequent requests.

Is there a way to do this? Is there an authentication method that IODocs supports that works this way?

Martijn Pieters
Scott Switzer
BTW - I am running iodocs on localhost:3001 and my REST API on localhost:3000. I suspect that cookies cannot be passed between different ports - I will set up nginx as a proxy and try again. – Scott Switzer Jan 18 '13 at 17:56

1 Answer


Cookies WILL traverse across the ports. An issue you may be encountering is that "connect.sid" is also being set by I/O Docs in that it's using the Express session.js middleware module, so that cookie value is probably getting overwritten.

Try updating I/O Docs app.js with a different cookie name in the session initializer -- setting the "key" value:

app.use(express.session({
    secret: config.sessionSecret,
    key: 'iodocs.connect.sid',
    store:  new RedisStore({
        'host':   config.redis.host,
        'port':   config.redis.port,
        'pass':   config.redis.password,
        'maxAge': 1209600000
    })
}));
mansilladev
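Added example, not part of the original answer or of the I/O Docs code: a small model of a browser cookie jar keyed the way RFC 6265 keys cookies (host, path, name, with no port), showing why two Express apps on localhost:3000 and localhost:3001 that both use "connect.sid" overwrite each other, and how a distinct "key" avoids it. The `CookieJar` class, the `simulate` helper and the session values are constructed for illustration, and path matching is simplified to a prefix check.

```javascript
// Constructed model of browser cookie storage. Per RFC 6265, a cookie is
// identified by (host, path, name); the port is NOT part of that identity.
class CookieJar {
  constructor() { this.store = new Map(); }

  // Record a Set-Cookie header received in a response from `url`.
  setCookie(url, header) {
    const { hostname } = new URL(url);
    const [pair, ...attrs] = header.split(';').map(s => s.trim());
    const eq = pair.indexOf('=');
    const name = pair.slice(0, eq);
    const value = pair.slice(eq + 1);
    let path = '/';
    for (const attr of attrs) {
      const [k, v] = attr.split('=');
      if (k.toLowerCase() === 'path' && v) path = v;
    }
    // Same host + path + name replaces the earlier cookie, whatever the port.
    this.store.set(`${hostname}|${path}|${name}`, { hostname, path, name, value });
  }

  // Build the Cookie header that would be sent with a request to `url`.
  cookieHeader(url) {
    const { hostname, pathname } = new URL(url);
    return [...this.store.values()]
      .filter(c => c.hostname === hostname && pathname.startsWith(c.path))
      .map(c => `${c.name}=${c.value}`)
      .join('; ');
  }
}

// docsCookieName is the session cookie name used by the app on :3001.
function simulate(docsCookieName) {
  const jar = new CookieJar();
  // 1. The API on :3000 sets the Passport session cookie after /login.
  jar.setCookie('http://localhost:3000/login', 'connect.sid=s%3Aapi-session; Path=/; HttpOnly');
  // 2. The docs app on :3001 sets its own Express session cookie.
  jar.setCookie('http://localhost:3001/', `${docsCookieName}=s%3Adocs-session; Path=/; HttpOnly`);
  // 3. Cookie header for the next request to the API.
  return jar.cookieHeader('http://localhost:3000/users');
}

console.log('same name   :', simulate('connect.sid'));
console.log('renamed key :', simulate('iodocs.connect.sid'));
```

With the renamed key the API's session cookie survives, but both cookies are still sent to both ports, so each app must ignore the other's cookie name.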