quorrajs / nodesession Goto Github PK
View Code? Open in Web Editor NEWSession handling for NodeJS
License: MIT License
nodesession's People
Contributors
Stargazers
Watchers
Forkers
rakesh-mohanta samusgray vugluskr86 michael-wynn 0xnbk waifei amu123 danielbaak deveshpankaj solzimer davidcarboninodesession's Issues
Documentaition is not noob friendly...
I am trying to wrap my head around how to use this library and can't. I believe I am missing some common knowledge, so it is my fault, but throwing in a couple of links to give direction would probably help others like me. I don't even know what to look. Specifically I am stuck trying to understand how to re-attach the session to the request when it comes the second time.
get cookie wildcard domain
I've set cookie for wildcard domain from client side, with cookie name my-test and offcourse without secret key . Using this package,can I get value or details of cookie with name my-test ?
npm audit security warnings because of lodash
Hi,
I just installed your package and saw 5 low security vulnerabilities due to lodash version.
>npm audit
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of node-session
Path node-session > lodash
More info https://nodesecurity.io/advisories/577
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of node-session
Path node-session > waterline > switchback > lodash
More info https://nodesecurity.io/advisories/577
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of node-session
Path node-session > waterline > waterline-schema > lodash
More info https://nodesecurity.io/advisories/577
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of node-session
Path node-session > waterline > lodash
More info https://nodesecurity.io/advisories/577
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of node-session
Path node-session > waterline > waterline-criteria > lodash
More info https://nodesecurity.io/advisories/577
found 5 low severity vulnerabilities in 563 scanned packages
Even though they are low risk, I want to use your package in a productive environment. Would you mind to upgrade your packages to use lodash >= 4.17.5.
If I find time, I can do the upgrade as well, if you like.
NPM Install Fails
I believe upgrading the deasync dependency version in the package.json should fix the issue.
startSession crashes node instead of returning error to callback
Init:
var NodeSession = require('node-session');
session = new NodeSession({secret: 'Q3UBzdH9GEfiRCTKbi5MTPyChpzXLsTD'});
On new request:
var callback = function(error, data){/.../};
session.startSession(req, res, callback);
Issue:
NodeSession expects a folder named "sessions" to exist, and understandably will fail if that isn't the case. The problem is that it crashes Node instead of calling the callback with an error object. The real issue here is it probably will also crashes if some other types of errors occur during startSession.
Losing Session Variable
Session variable goes missing. Cookie still valid. Session still valid. I'm using the file session storage. Looking at the session file, before and after missing, and the only thing different is the session variable is gone. I've copied the session file when the session variable is present and then restored the file after the session variable disappears and we're back up and running.
I can GET and POST any number of times, usually many times, sometimes only a few times, and the session variable remains, then the next round trip to the server and the session variable is gone immediately upon startSession.
I've noticed in the session file flash: { old: [], new: [] } is present with the session variable, but goes missing along with the session variable.
Looking at the server logs: on the last pass before it goes missing I can track the presence of the session variable all the way through the server processing, still there at the end of the procedure. Then on the next pass, immediately after startSession the session variable (and flash: { old: [], new: [] }) is gone.
Using this type of setup:
https://github.com/quorrajs/NodeSession/blob/master/examples/nodehttps.js
Setting the session variable, at login: req.session.put('usertoken', usercredentialsobj.usertoken).
Authenticating: if ( true === req.session.has('usertoken') ) {. Here is where I get directed to the login screen when the session variable is missing.
If token exists, then comparing token to database: db.usertokenvalid({usertoken:req.session.get('usertoken')}, function (err, usertokenobj) {.
Integrating with Express
I tried to make node-session work along with express:
var express = require('express')
var NodeSession = require('node-session');
var session = new NodeSession({secret: 'Q3UBzdH9GEfiRCTKbi5MTPyChpzXLsTD'});
var app = express()
app.use(function (req, res, next) {
session.startSession(req, res, function() {})
// count the views
req.session.put('views', (req.session.get('views') || 0) + 1)
next()
})
app.get('/', function (req, res, next) {
res.send('you viewed this page ' + req.session.get('views') + ' times')
})
app.listen(3000, () => console.log('Example app listening on port 3000!'))
But data from session is not loaded and very time I see "you viewed this page 1 times".
Could you tell what is wrong or is it issue?
Using NodeSession with iisnode
I am interested in using NodeSession with following configuration:
iisnode version is 0.2.21,
node version is v10.7.0,
express version 4.16.3
My code is as follows:
// express
var express = require('express');
var app = express();
// path
var path = require('path');
// session management
var NodeSession = require('node-session');
session = new NodeSession({secret: 'mysecretkeygoeshere'});
session.startSession(req, res, callback);
I am not sure where I should put the line 'session.startSession(req, res, callback)', it throws error showing "'req' is undefined".
(node:3777) Warning: Use Cipheriv for counter mode of aes-256-ctr
Using encrypt: true on an http server in node js and getting the error in the title
let session = new NodeSession({ secret: 'secret', lifetime: 60 * 1000, encrypt: true });
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.