Using expressjs/nodejs store session logged in to redis

Question

I'm using express/nodejs to store sesssion logged-in to redis with the code:

app.use(express.session({
    key: 'myappname.sid',
    secret: "Some Secret!!!",
    store : new RedisStore({
        host : '127.0.0.1',,
        port : 6379,
    }),
    cookie : {
        maxAge : 604800 // one week
    }
}));

I check logged in status by:

function ensureAuthenticated(req, res, next) {
  if (req.isAuthenticated()) { return next(); }
      res.redirect('/login')
}

When i loggin successfully, i saw the session of both chrome cookie and redis. But if i remove only one session on chrome cookie or redis, app will be no loggin status. Why does authenticating status depend on both chrome cookie and redis.

second question: I added domain like this

cookie : {
domain:"localhost", // or ".localhost"
maxAge : 604800 // one week
 }

but when loggin successfully, no session store on chrome cookie, why this ?

score 1 · Accepted Answer · answered Mar 04 '14 at 10:00

1

For your second question, maxAge for cookie takes time in milliseconds. Your cookie would expire in 604 seconds.

For the first one, that is the correct way web security should work.

answered Mar 04 '14 at 10:00

Mukesh Soni

6,646
3
30
37

Thanks for your answer. About second question, it does not depend on maxAge. – Võ Huy Hưng Mar 04 '14 at 10:29

score 0 · Answer 2 · edited May 23 '17 at 12:10

0

Answer for question 1. With localhost , we need two dot with subdomain like sub1.app.localhost How do I make my sessions last cross-subdomain in Node.js Express?

edited May 23 '17 at 12:10

Community

1
1

answered Mar 04 '14 at 11:34

Võ Huy Hưng

93
1
4

Using expressjs/nodejs store session logged in to redis

2 Answers2