Support with cookieSession #20

fabienbrooke opened this Issue Jun 16, 2013 · 10 comments

6 participants


How can this be used when not using a store such as MemoryStore or RedisStore but cookieSession (Express/Connect) which stores session data in the cookie?


interesting, are you using connect ootb cookie sessions or caolan/cookie-sessions?


Hello, any update on this?

I am using the standard Express 3.x cookieSession - app.use(express.cookieSession({...}); Is there any way to get it working with that one or do I need to use a different store?





+1. @jfromaniello, I'd be happy to try to implement this and submit a pull request. The only reason I'm using a non-cookie session in my app is to support Is there any reason why this would be particularly difficult?




We currently use cookie-session and need to add to our existing stack with passport, any idea what the issue is around this currently?


After looking through the code the only issue seems to be that you always expect there to be a get method on the store, whereas with cookie storage I guess the data you require is already within the cookie so it would be a case of using that rather than the store. I was seeing if there was a way to kinda hook in and just write a fake get method on a dummy object but the problem is you wont have access to the cookie in there... also for some reason it does not seem to be outputting the signed cookies correctly even if you did want to somehow hack it to use the cookies.

I am not sure if it is because I am using cookie-session but I can see that the cookie header is added and I can see that cookie parser is called correctly with the secret, and I have the my-session-cookie and my-session-cookie.sig sections there, so not sure whats going on, as I am not sure if cookie-session puts another layer of encryption around the cookie data or something...

Any help would be great as this is a blocker for me currently :(


please feel free to submit a PR, I havent had time yet to figure this out


I have not touched this area for a while but from what I remember it would require a large architectural change to the library as the current assumption of the get method would not apply to the cookie-session mechanism.

If it helps here is what I ended up making just to keep things moving on my project.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment