Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Custom session stores exposure to session.regen() #819

Closed
jas- opened this Issue · 1 comment

2 participants

@jas-

Is there any work around for exposing a custom session store to the results of the session.regen() results?

custom session store

It is being used as follows...

var sessions = require('./dbsession')

var attrs = {};
app.use(function(req, res, next){
  attrs.headers = req.headers
  attrs.ip = req.ip
  attrs.agent = req.headers['user-agent']
  attrs.referer = (req.headers['referer']) ? req.headers['referer'] : req.host
  next()
});

app.use(express.cookieParser('key'));

app.use(express.session({
  secret: 'secret',
  key: 'uuid',
  store: new sessions(attrs)
}));

app.use(express.csrf());

app.use(function(req, res, next) {
  res.locals.token = req.session._csrf;
  console.log('ORIGINAL: '+req.session.id)
  req.session.regenerate(function(err) {
    if (err) throw err
    console.log('REGEN-MODIFIED: '+req.session.id)
    console.log(JSON.stringify(req.session))
    req.session.reload(function(err) {
      if (err) throw err
      console.log('RELOAD-MODIFIED: '+req.session.id)
      console.log(JSON.stringify(req.session))
    })
  })
  next();
});

Perhaps I am using the .regenerate() function incorrectly or perhaps in the wrong order but it seems that the session store is not aware of the new id as shown in the debugging information below:

ORIGINAL: 9M9GJYUKurpWoSU-DDCD0sMn
SAVE: 9M9GJYUKurpWoSU-DDCD0sMn
REGEN-MODIFIED: 0itcKpNVARGL-2nukmTHMgR-
{"cookie":{"originalMaxAge":null,"expires":null,"httpOnly":true,"path":"/"}}
SAVE: 0itcKpNVARGL-2nukmTHMgR-
GET: 0itcKpNVARGL-2nukmTHMgR-
SAVED: 9M9GJYUKurpWoSU-DDCD0sMn => {"cookie":{"expires":"Thu, 06 Jun 2013 17:05:28 GMT","maxTime":7200},"_csrf":"ScOuG9JMmb3xuuQzr9Ilwkzq"}

As you can see after the initial save using the 9M9GJYUKurpWoSU-DDCD0sMn a cookie is set reflecting the database session stored. Once the .regenerate() function is called and the new req.session.id reflected as 0itcKpNVARGL-2nukmTHMgR- does not get passed to the .reload() function.

Any pointers you can offer are appreciated as I am not entirely certain this is a bug

@jonathanong

It's pretty clear you won't get much help here. You can try stackoverflow or something.

However, I think you shouldn't even bother creating a custom session store for connect. Just create your own session middleware. Connect's session store interface is pretty convoluted and you can probably make something better this way

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.