I have 3 files : app.js, index.js(routes), Users.js(controller)
Once my user is loggedIn (verification done between POST information and DB) i want to save data in a session using expressjs/session.
Here is the declaration of my session in the app.js :
var session = require('express-session');
app.use(session({
resave: true,
saveUninitialized: true,
secret: 'trolololo'
}));
Here are my routes :
router.post('/login', function(req, res, next) {
Users.login(req, res);
});
router.get('/getSessionInfos', function(req,res,next){
console.log(req.session);
});
And here is the controller for the login :
login : function(req, res){
var formEmail = req.body.email;
var formPassword = req.body.password;
User.findOne({ where: {email: formEmail} }).then(function(user) {
if(user){
if (user.password == formPassword){
console.log('User connected');
req.session.email = formEmail;
req.session.password = formPassword;
console.log(req.session);
res.status(200).send('User Authentified');
}else{
res.status(401).send('Invalid Password');
}
}else{
res.status(401).send('Username');
}
});
},
The Login works I get the 200 status and my console.log in the login function displays a function with my infos. But when i try fetching my session from the /getSessionInfos URL it is empty... Please send help
I have 3 files : app.js, index.js(routes), Users.js(controller)
Once my user is loggedIn (verification done between POST information and DB) i want to save data in a session using expressjs/session.
Here is the declaration of my session in the app.js :
var session = require('express-session');
app.use(session({
resave: true,
saveUninitialized: true,
secret: 'trolololo'
}));
Here are my routes :
router.post('/login', function(req, res, next) {
Users.login(req, res);
});
router.get('/getSessionInfos', function(req,res,next){
console.log(req.session);
});
And here is the controller for the login :
login : function(req, res){
var formEmail = req.body.email;
var formPassword = req.body.password;
User.findOne({ where: {email: formEmail} }).then(function(user) {
if(user){
if (user.password == formPassword){
console.log('User connected');
req.session.email = formEmail;
req.session.password = formPassword;
console.log(req.session);
res.status(200).send('User Authentified');
}else{
res.status(401).send('Invalid Password');
}
}else{
res.status(401).send('Username');
}
});
},
The Login works I get the 200 status and my console.log in the login function displays a function with my infos. But when i try fetching my session from the /getSessionInfos URL it is empty... Please send help
Share Improve this question edited Apr 12, 2017 at 9:40 Jaro asked Apr 12, 2017 at 7:30 JaroJaro 1,6975 gold badges22 silver badges41 bronze badges 2-
is that the whole code in
/getSessionInfos? you only output to console and you don't return anything – Gntem Commented Apr 12, 2017 at 7:38 - Well i assumed that from the expressjs/session documentation that session is always fetched via a req.session.something and as i said i get the session object but it is empty. But yes this is all there is in /getSessionInfos – Jaro Commented Apr 12, 2017 at 7:48
3 Answers
Reset to default 1I know you did not ask this, but i will state it either way, sessions are not remended in node any more, json web tokens are pretty much the at the throne.In essence it's a signed piece of data in JSON format. Because it's signed the recipient can verify its authenticity. Because it's JSON it weights very little.
In very simple terms, JWT are cool because you don't need to keep session data on the server in order to authenticate the user.
- The user calls authentication service, usually sending username and password.
- The authentication service responds with a signed JWT, which says who the user is.
- The user requests access to a secured service sending the token back.
- Security layer checks the signature on the token and if it's genuine the access is granted.
You can use jwt-simple in npm.
Your Code seems correct only some changes
app.use(session({
secret : 'yourSecret',
resave : false,
saveUninitialized : false,
}));
Not forget to login first as you are storing the session value over there and then it will surely display the object with the email and password key . Let me know if You face any problem.
//Your Code seems correct only some changes
app.use(session({
secret : 'yourSecret',`enter code here`
resave : false,
saveUninitialized : false,
}));
//in login details save the session by using "req.session.save();"
//then try to run it work properly
login : function(req, res){
var formEmail = req.body.email;
var formPassword = req.body.password;
User.findOne({ where: {email: formEmail} }).then(function(user) {
if(user){
if (user.password == formPassword){
console.log('User connected');
req.session.email = formEmail;
req.session.password = formPassword;
req.session.save();
console.log(req.session);
res.status(200).send('User Authentified');
}else{
res.status(401).send('Invalid Password');
}
}else{
res.status(401).send('Username');
}
});
},