I am using Node.js (Express) with MongoDB and I am trying to figure out how cookies work. I am currently able to let a user log in and authenticate them. How do I bring cookies into play, and how do I use cookies to query MongoDB for the user's info to pull it onto the next page and the pages after that, once they log in?

Currently I have a route file that posts the login request and then redirects, based on success, to a userProfile page. I want to include user-specific details on that page, and then be able to show the user other pages and have them return to their unique pages again while querying.

UPDATED CODE: (Can cookie be called the way it is called in the updated code?)

login post route file

exports.loginPost = function(req, res, next) {
    passport.authenticate('local', function(err, user, info) {
        if (err) { return next(err) }
        if (!user) { return res.redirect('loginError'); }
        req.logIn(user, function(err) {
          if (err) { return next(err); }    
          res.cookie('name', req.params.email, { expires: new Date(Date.now() + 900000), httpOnly: true });    
          return res.redirect('userProfile');
        });
  })(req, res, next);
};
Lion789
  • Try to use cookieParser http://expressjs.com/api.html#cookieParser – AntouanK Jul 03 '13 at 14:38
  • I understand that, but for example I have a cookieparser from express on my main app.js file. How do I set it and where do I have to set it on login? How do I use it for querying too? I am attaching my code if an example can be shown that would be great. – Lion789 Jul 03 '13 at 14:48
  • I had the same problem because express documentation is ... minimal. Try to google it and see examples. – AntouanK Jul 03 '13 at 15:08

1 Answer

Read this first: What does middleware and app.use actually mean in Expressjs?

Then use cookieParser and cookieSession:

app.use(express.cookieParser('yoursecretkeyhere'));
app.use(express.cookieSession());

And split your above function into an authentication middleware method and an authenticate POST handler.

Your authentication middleware just needs to check whether the session has an Authenticated flag and, if not, redirect to your login page. (If this is part of a single-page app, just return a 401 and ask for credentials in your browser.)

Your authenticate POST handler then checks the posted username and password credentials (or other credentials against a third-party API) and sets the session.Authenticated flag, followed by a redirect.

AndyD
  • I cannot just stick it in the login post like this: res.cookie('name', req.params.email, { expires: new Date(Date.now() + 900000), httpOnly: true }); after it authenticates. – Lion789 Jul 03 '13 at 15:21
  • Not sure I understand. cookieSession is middleware which stores anything you add to the session object into an encrypted cookie. Your browser will send the cookie to your server(s) on every request, cookieSession reads it and populates all values back into your session. You should not put things in an unencrypted cookie that should be tamper proof. – AndyD Jul 03 '13 at 16:05
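
The split described in the answer (an authentication middleware plus a login POST handler), with a session cookie the server can check for edits, as an added example that is not part of the original thread and is not Express's own code. It uses plain Node so it runs without Express installed: the HMAC signing is a hand-written stand-in for what a session middleware does (it signs the value, it does not encrypt it), and the `session` cookie name, the `/login` route, `SECRET` and `verifyCredentials` are assumptions made for the example.

```javascript
const crypto = require('crypto');

// Constructed secret for this example; load a real one from configuration.
const SECRET = 'example-only-secret';

// Append an HMAC so the server can detect a cookie edited in the browser.
function sign(value) {
  const mac = crypto.createHmac('sha256', SECRET).update(value).digest('hex');
  return value + '.' + mac;
}

// Return the original value when the MAC verifies, otherwise null.
function unsign(signed) {
  const idx = signed.lastIndexOf('.');
  if (idx < 0) return null;
  const value = signed.slice(0, idx);
  const expected = Buffer.from(sign(value));
  const actual = Buffer.from(signed);
  if (expected.length !== actual.length) return null;
  return crypto.timingSafeEqual(expected, actual) ? value : null;
}

// Rebuild req.session from the signed cookie; anything unverifiable is dropped.
function loadSession(req, res, next) {
  const raw = req.cookies && req.cookies.session;
  const json = raw ? unsign(raw) : null;
  req.session = json ? JSON.parse(json) : {};
  next();
}

// Authentication middleware: only requests with the flag reach the route.
function requireAuth(req, res, next) {
  if (req.session && req.session.authenticated) return next();
  res.redirect('/login');
}

// Login POST handler: check credentials, then set the flag and the user id.
// verifyCredentials is a hypothetical lookup, e.g. a MongoDB query.
function loginPost(verifyCredentials) {
  return function (req, res) {
    const user = verifyCredentials(req.body.email, req.body.password);
    if (!user) return res.redirect('/loginError');
    const session = JSON.stringify({ authenticated: true, userId: user.id });
    res.cookie('session', sign(session), { httpOnly: true, maxAge: 900000 });
    res.redirect('/userProfile');
  };
}
```

A route behind `requireAuth` can then query MongoDB with `req.session.userId`, a value the server has verified, instead of an email read from a plain cookie.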