Geek Answers Handbook

A few questions about express.cookieSession ()

On my node.js server (by running express and socket.io ), when a person connects, I add them to the array and store their location in the array in their session so that each connection has access to their own information:

 session.person_id = people.length; session.save(); people.push(new Person()); //people[session.person_id] => Person

And the only thing I save in the session is person_id . I used express.session() to handle this, which worked fine until I started sending information to anyone connected right away. When I look at their connections and get their sessions, sometimes (I can't figure out how to trick the error) session exists, but not session.person_id .

In any case, I hope that by changing the way the session is stored, it will help me sort out my problem. Therefore, I have a few questions that I cannot find answers to.

  • Where is the cookie from express.cookieSession () stored? Server or client side?
  • Does express.cookieSession () support multiple servers running a load balancer?
  • Is it possible for the user to manipulate the session data when using the express.cookieSession () function?
+4
source share
1 answer

1 - Where is the cookie from express.cookieSession () stored? Server or client side?

A cookie is sent for responses from the server, and the browser sends this cookie with each request.

2 - Does express.cookieSession () allow multiple servers working behind a load balancer?

Yes, if you use a general store (e.g. RedisStore)

3 - Is it possible for the user to manipulate session data when using the express.cookieSession () function?

Not if you use signed cookies (by default for session cookies in express, when you provide a secret when initializing a session.

 var redis = require('redis').createClient(); app.use(express.session({ secret: "some random string", store: new RedisStore({client: redis}) }));
+3
source

More articles:


All Articles