konteck / express-sessions Goto Github PK
View Code? Open in Web Editor NEWExpressJS MongoDB/Redis Session Storage
ExpressJS MongoDB/Redis Session Storage
Mongo session expiry uses a TTL index. The index is created by this code in index.js:
var schema = new mongoose.Schema({
sid: { type: String, required: true, unique: true },
data: { type: {} },
lastAccess: {
type: Date,
index: {
expires: parseInt(options.expire) * 1000
}
},
expires: { type: Date, index: true }
});
The issue here is that expires
is set to options.expire*1000, as if expecting to receive a value in seconds and convert it to milliseconds. However, if we look at the index that gets created:
{
"v" : 1,
"name" : "lastAccess_1",
"key" : {
"lastAccess" : 1
},
"ns" : "mayqat.sessions",
"expireAfterSeconds" : 60000,
"background" : true,
"safe" : null
}
Notice that mongodb actually calls the value "expireAfterSeconds".
Easy fix: don't multiply by 1000 :)
I have forked and fixed, and could provide a pull request, though i've changed one other thing also (for issue 3).
Hi,
Thanks for express-sessions - nice lib, and the only one I found that really works ;)
I hit a problem when using express 3.4.5 (may also affect other 3.x.y versions), which seems to be because of a version clash with express-sessions dependency on 2.x.y.
To see the problem:
(1) Create a new express project with 3.x.y, using "express myapp".
(2) Add the following middleware to app.js:
var inc = 0;
app.use(function(req,res,next){
res.locals["" + inc] = inc++;
console.log(res.locals);
next();
});
(3) start the app and hit the app a few times with curl or a browser - you'll see that the same res.locals
is re-used and just grows forever. This also means that any private information you might put in res.locals
is available to the next request!
{ '0': 0, '1': 1, '2': 2, ... }
Without express-sessions res.locals
is a new object on each request and you only see the latest value of inc, e.g.:
{ '3': 3 }
Just changing the dependency version to 3.4.5 fixes the problem for me.
Hello and thanks for your wonderful package that make life a bit easier!
My request is to implement an event handler when you want to delete the session ( before deleting). I understand that apparently destroy session fires based on maxAge but it is not always the case. For example if user delete the SID id in his browser , then a new session key will be created and the previous session will be destroyed without any notification.
Thanks
Hi,
Do you have any plan to add support for password protected databases?
I unfortunately don't have a simple test case to recreate for this. In my application, req.session.destroy()
was not removing the session data from the database (effectively disabling the "sign out" functionality).
I found it have something to do with the callback being passed to remove
. Changing the code to pass a valid, but noop callback fixed the issue.
destroy: function (sid, cb) {
MongoStore.client.remove({ sid: sid }, cb || function(){});
},
The associated versions of modules I'm using are:
By the way, thanks for sharing this module!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.