0

I have a login system with my NodeJS using mysql-node.

The problem i have how ever is how to keep the user logged in, if they refresh the page they have to login again, because i do not know how to store the session.

My login system is like this:

socket.on('login', function(data,callBack){

    var username = sanitize(data['login']).escape(),
        pass = sanitize(data['password']).escape();

        var query = connection.query('SELECT uid FROM users WHERE name = ? AND pass = ?', [username,pass],
            function(err,results){
                if(err){ 
                    console.log('Oh No! '+err);
                } else if(results.length == 1){
                    //some how set a session here 
                } else if(!results.length) {
                    console.log('No rows found!');
                }
            });
    });

I'm having difficulty understanding how i set up a session for each client that connects. Is this possible with NodeJS ?

Sir
  • 8,135
  • 17
  • 83
  • 146

3 Answers3

3

Reading that they assign express to var app but if i already have this : var app = http.createServer( ... how can i also assign express to it :S bit confusing

You need to understand the difference between a express' server and a native NodeJS' server, here my link comparaison nodejs server vs express server

So you can do:

var app = express();
var server = http.createServer(app);

This enable you to have still the low level functionnaly with NodeJS.

So, if you don't want to use existing modules or framework, you can build your own session manager:

  1. using cookie
  2. using IP/UA
  3. using socket

The best way would be first to implement it with socket, for example:

server.on('connection', function (socket) {
  socket.id = id;
});

or

server.on('request', function (req, res) {
  req.connection.id = id; // The socket can also be accessed at request.connection.
});

So, you just need to implement a middleware who check the id.

If you want to prevent from session prediction, session sidejacking, etc. you need to combine cookies, ip, socket, and your ideas to make it more secure for your app.

Once you've done your session manager, you can choose where to store the sessions, in a simple object, in redis, in mongodb, in mysql ... (express use MemoryStore by default, but maybe not now)

Community
  • 1
  • 1
0

I don't have an idea if nodejs has core feature of saving sessions. you need to use a database along with it. using Express will help you to utilized a database to persist user sessions. You better study and use it

http://expressjs.com/

http://blog.modulus.io/nodejs-and-express-sessions

Netorica
  • 18,523
  • 17
  • 73
  • 108
  • Reading that they assign express to var app but if i already have this : `var app = http.createServer( ... ` how can i also assign express to it :S bit confusing – Sir Dec 13 '13 at 03:24
-1

I don't think there is any session mechanism within Nodejs' core. However, they are plenty of libraries that would allow you to do it. The first that comes to mind is Connect's session, which is a middleware for Nodejs. Have a look at this question for more details on how to use it.

Have a look at this tutorial from dailyjs which tries to include Express's session into a notepad webapp. The source code is available here. (Note that Express' session is based on Connect's, and is practically the same).

EDIT: Here is a more complete example for Node authentication, using mongoose. They do however show their schemas, so I assume you can easily do the transition to MySQL.

Community
  • 1
  • 1
verybadalloc
  • 5,768
  • 2
  • 33
  • 49