Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Share session between two node apps #98

Closed
kevinprotoss opened this Issue Feb 25, 2014 · 10 comments

Comments

Projects
None yet
4 participants

Hello,

Does any one knows whether can a session be shared between two separate node apps by using connect-mongo? These two apps listen on different ports and I set the reverse proxy in the nginx. They have domains as the following:
www.mydomain.com
forum.mydomain.com
The second one is the subdomain. Is it possible to share session between them?

Best regards,
Kevin

darul75 commented May 13, 2014

I have not looked deeply but would say it depends of cookie domain, in your case it should be done with a ".mydomain.com" cookie to match both:

connect.session({ cookie: { domain : ".mydomain.com" }})

oh sorry 3 months later ;)

Collaborator

kcbanner commented May 13, 2014

This is a bad idea. What if both apps write to the session at the same time?

darul75 commented May 13, 2014

cookie is just used to store sessionId, isn'it ?

Collaborator

kcbanner commented May 13, 2014

Consider this scenario:

  1. Server A reads the session data
  2. Server B reads the session data
  3. Server A adds key foo
  4. Server B adds key bar
  5. Server A writes the session data
  6. Server B writes the session data
  7. You have lost the foo key.

darul75 commented May 13, 2014

But in the case of Connect, maybe it could be relevant to check when dealing with the same session, with 2 different domains, we could play with nested object in this way :

var sess = req.session;

session.mydomain1 = {data:....}

session.mydomain2 = {data:....}

and not erased anything ?

Collaborator

kcbanner commented May 13, 2014

The same problem applies though, one can erase the addition of the other:

  1. Server A reads the session data
  2. Server B reads the session data
  3. Server A adds key mydomain1
  4. Server B adds key mydomain2
  5. Server A writes the session data
  6. Server B writes the session data
  7. You have lost the mydomain1 key.

darul75 commented May 13, 2014

but in common cases, one user will make one request at a time (on each domain) and session will be flushed after all request ? or maybe I am wrong again, interesting subject ;)

Collaborator

kcbanner commented May 13, 2014

Sure, when you guarantee that you will never have more than one concurrent request for a particular user across all servers that would be sharing this session, then it works. However, you cannot guarantee that, and so it doesn't work. MongoDB does not have transactions, so you cannot even detect the failure case in a reliable way.

darul75 commented May 13, 2014

100% agree but if @kevinprotoss purpose is only to keep user connexion it could be fine, then if it is to store real state objects, maybe it could handle it on client side with a client storage solution, it really depends on context but your are right again, no guarantee.

Collaborator

kcbanner commented May 13, 2014

You would also have to make sure that the cookie secret was shared between the node apps, or else they won't be able to correctly read the data.

I still wouldn't recommend going this, because inevitably a user will visit both sites at once and there will be data loss.

@jdesboeufs jdesboeufs closed this Dec 23, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment