Support with cookieSession #20

Open
fabienbrooke opened this Issue Jun 16, 2013 · 10 comments

6 participants

@fabienbrooke

How can this be used when not using a store such as MemoryStore or RedisStore but cookieSession (Express/Connect) which stores session data in the cookie?

@jfromaniello

interesting, are you using connect ootb cookie sessions or caolan/cookie-sessions?

@ghost

Hello, any update on this?

I am using the standard Express 3.x cookieSession - app.use(express.cookieSession({...}); Is there any way to get it working with that one or do I need to use a different store?

Thanks

@amitport

👍

@loudwinston

+1. @jfromaniello, I'd be happy to try to implement this and submit a pull request. The only reason I'm using a non-cookie session in my app is to support passport-socket.io. Is there any reason why this would be particularly difficult?

@nicola

+2

@grofit

We currently use cookie-session and need to add socket.io to our existing stack with passport, any idea what the issue is around this currently?

@grofit

After looking through the code the only issue seems to be that you always expect there to be a get method on the store, whereas with cookie storage I guess the data you require is already within the cookie so it would be a case of using that rather than the store. I was seeing if there was a way to kinda hook in and just write a fake get method on a dummy object but the problem is you wont have access to the cookie in there... also for some reason it does not seem to be outputting the signed cookies correctly even if you did want to somehow hack it to use the cookies.

I am not sure if it is because I am using cookie-session but I can see that the cookie header is added and I can see that cookie parser is called correctly with the secret, and I have the my-session-cookie and my-session-cookie.sig sections there, so not sure whats going on, as I am not sure if cookie-session puts another layer of encryption around the cookie data or something...

Any help would be great as this is a blocker for me currently :(

@jfromaniello

please feel free to submit a PR, I havent had time yet to figure this out

@grofit

I have not touched this area for a while but from what I remember it would require a large architectural change to the library as the current assumption of the get method would not apply to the cookie-session mechanism.

If it helps here is what I ended up making just to keep things moving on my project.
https://gist.github.com/grofit/8c202a5e1589a36378a3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment