Common Sessions Between Node Applications?

Currently, I have two separate node applications running on two different ports but sharing the same data store. I need to share user sessions between the two applications so that when a user logs into one application, their session is available and they appear to be logged into the other application. In this case, it is a "public website and administrative server".

Our setup is as follows:

  • node with express
  • passport is used for authorization with a local strategy.
  • we use connect-redis so we can share sessions through redis.
  • our domains look like this: www.mydomain.com and adm.mydomain.com

The configuration for the session files (and redis) is the same for both applications:

    session: {
      options: {
        secret: "my secret",
        cookie: {
          domain: "mydomain.com",
          maxAge: 1000*60*60*24
        }
      },
      redis: {
        host: 'my host',
        maxAge: 86400000,
        secret: "my secret"
      }
    }

The configuration for the session files in app.js looks like this:

    if ( app.settings.env === "production" ) {
      session.options.store = new RedisStore(session.redis);
    }
    app.use(express.session(session.options));
    app.use(passport.initialize());
    app.use(passport.session({ secret: 'a different secret' }));

What I expect from this is to see the same session ID in a cookie between the two applications.

So my question is: how do I set up express, redis and passport so that sessions can be shared across different subdomains?

+7
2 answers

It might be a bit dated, but at this time Express-session might recognize the cookie domain option. According to the source:

    function session(options){
      var options = options || {}
        // name - previously "options.key"
        , name = options.name || options.key || 'connect.sid'
        , store = options.store || new MemoryStore
        , cookie = options.cookie || {}
      ...

And this is for setting a cookie:

    var Cookie = module.exports = function Cookie(options) {
      this.path = '/';
      this.maxAge = null;
      this.httpOnly = true;
      if (options) merge(this, options);
      ...

So, something like this will work for the current master 1.10.1:

    secret: "my secret",
    cookie: {
      domain: "mydomain.com",
+4
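
What the `domain` cookie option and the shared secret discussed above do in practice, as an added example that is not part of the original posts or of express-session's own code: it models the browser's RFC 6265 domain matching and the signed session cookie value, using the hostnames and secrets from the question. Helper names and the session ID are constructed for illustration.

```javascript
// Added example; helper names are hypothetical and all values constructed.
const crypto = require('crypto');

// RFC 6265 5.1.3 domain-match: host equals the domain or is a subdomain of it.
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, '');
  return h === d || h.endsWith('.' + d);
}

// Host-only cookies (no Domain attribute) return only to the host that set them.
function sentTo(cookie, host) {
  return cookie.domain
    ? domainMatch(host, cookie.domain)
    : host.toLowerCase() === cookie.setBy.toLowerCase();
}

// Signed value as express-session writes it (before URL-encoding):
// "s:" + sid + "." + base64(HMAC-SHA256(secret, sid)) without "=" padding.
function sign(sid, secret) {
  const mac = crypto.createHmac('sha256', secret).update(sid).digest('base64');
  return 's:' + sid + '.' + mac.replace(/=+$/, '');
}

// Returns the session ID if the signature verifies under `secret`, else false.
function unsign(value, secret) {
  if (!value.startsWith('s:')) return false;
  const sid = value.slice(2, value.lastIndexOf('.'));
  const a = Buffer.from(value), b = Buffer.from(sign(sid, secret));
  return a.length === b.length && crypto.timingSafeEqual(a, b) ? sid : false;
}

function demo() {
  const secret = 'my secret';          // shared by both apps, as in the question
  const sid = 'kT3xConstructedSid';    // constructed session ID
  const hostOnly = { setBy: 'www.mydomain.com' };
  const shared = { setBy: 'www.mydomain.com', domain: 'mydomain.com' };
  const value = sign(sid, secret);
  return {
    hostOnlyReachesAdm: sentTo(hostOnly, 'adm.mydomain.com'),
    sharedReachesAdm: sentTo(shared, 'adm.mydomain.com'),
    sharedReachesAnySub: sentTo(shared, 'blog.mydomain.com'),
    lookalikeHost: sentTo(shared, 'notmydomain.com'),
    admSameSecret: unsign(value, secret),
    admOtherSecret: unsign(value, 'a different secret'),
  };
}
console.log(demo());
```

A cookie scoped to mydomain.com is sent to every host under that domain, so the admin session is only as well protected as the least trusted subdomain.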

The express session does not seem to recognize the "domain" parameter for cookies, therefore your problem. The cookie that stores the session ID is automatically bound to the domain for each application and therefore cannot be used.

One option is to write your own single sign-on module for sharing sessions across webapps. It would probably live in an app.use() statement quite early in the execution order and simply create a separate cookie (which would be cross-domain), create a separate SSO session identifier, and save the SSO identifier in this new cookie. Subsequently, you simply cross-fill req.session and req.sso-session as needed.

+2