API proxy seems to not forward cookies

[searls]

Seems like HTTP cookies are getting eaten up by our API proxy.

Reported by @faktorsmak

[davemo]

hmm, shouldn't be, we used and tested this with comverge extensively given we were authenticating against devise which depends on cookies being set.

[faktorsmak]

figured out this just needs app.use(express.cookieParser()) to be added. Not sure if this is something you want to add in lineman's server.coffee or if the user config should add it as the first line in the drawRoutes method. The problem was just that it's not ending up in req.cookies, not that the cookies weren't in the header.

[tandrewnichols]

@searls @davemo FYI, we cannot add express.cookieParser() in our config/server as the infrastructure stands now. I've tried adding it, and it does nothing. I'm guessing this is because we have to require express, which gives us a different version of express than the one lineman uses. Maybe you could pass both app and express to the drawRoutes function? Or you could just always app.use(express.cookieParser()).

Alternatively, the problem could be the order of calls. Maybe by the time control is passed to drawRoutes, other middleware has been set such that cookieParser can no longer work. In that case, you could either (again) just always set it yourself or add a second call earlier in the middleware definition to something like drawMiddleware that we could consume.

But a solution would be useful because right now, we're doing this:

var sessionStr = /manta_session=([^;]*)/.exec(req.header('Cookie'))[1];
var manta_session = JSON.parse(decodeURIComponent(sessionStr));

which is kind of loud and error prone.

[searls]

👍 let's look into this

On Fri, Feb 28, 2014 at 9:55 AM, Andrew Nichols notifications@github.comwrote:

@searls https://github.com/searls @davemo https://github.com/davemoFYI, we cannot add express.cookieParser() in our config/server as the
infrastructure stands now. I've tried adding it, and it does nothing. I'm
guessing this is because we have to require express, which gives us a
different version of express than the one lineman uses. Maybe you could
pass both app and express to the drawRoutes function? Or you could just
always app.use(express.cookieParser()).

Alternatively, the problem could be the order of calls. Maybe by the time
control is passed to drawRoutes, other middleware has been set such that
cookieParser can no longer work. In that case, you could either (again)
just always set it yourself or add a second call earlier in the middleware
definition to something like drawMiddleware that we could consume.

But a solution would be useful because right now, we're doing this:

var sessionStr = /manta_session=([^;]*)/.exec(req.header('Cookie'))[1];var manta_session = JSON.parse(decodeURIComponent(sessionStr));

which is kind of loud and error prone.

Reply to this email directly or view it on GitHubhttps://github.com//issues/148#issuecomment-36357627
.