Search code examples
node.jssessionexpressappfog

Sessions on AppFog with ExpressJS

I get a problem with sessions on my ExpressJS App. In local it works perfectly but when I host my App on AppFog I get some issues with the sessions, they are lost sometimes... In my admin panel.

I don't know why but, when the page is refreshed, the sessions no longer to work...

var restrictedArea = function(req, res, next) {
    if( req.session.access )
        next();
    else
        res.redirect('/signin');
}

// Get/Post example on admin panel
app.get('/posts/add', restrictedArea, admin.addPost);
app.post('/posts/add', restrictedArea, admin.savePost);
app.post('/posts/delete', restrictedArea, admin.deletePost);
app.get('/posts/edit/:id', restrictedArea, admin.editPost);

My app.configure:

app.configure(function () {
    app.set('port', process.env.PORT || 3000);
    app.set('views', __dirname + '/views');
    app.set('view engine', 'jade');
    app.use(express.favicon());
    app.use(express.logger('dev'));
    app.use(express.bodyParser());
    app.use(express.static(path.join(__dirname, 'public')));
    //app.use(express.session({secret: 'some secret'}));
        app.use(express.cookieSession({
                secret: 'SECRET',
                cookie: { access: false }
            })
        );
    app.use(express.session({secret: 'some secret'}));
    app.use(app.router);
    app.use(function(req, res, next){
        res.render('404.jade', {
            title: "404 - Page Not Found",
            showFullNav: false,
            status: 404,
            url: req.url
        });
    });
});

My route:

exports.authenticate = function(req, res) {
    if( req.body.username == user.username && req.body.password == user.password ){
        req.session.access = true;
        renderToAdminIndex(req, res);
    }else{
        req.session.access = false;
        renderToSignin(req, res, "Error, please try again!");
    }
}

signout function:

exports.signout = function(req, res) {
    req.session.destroy(function(){
        res.redirect('/');
    });
}

Anthony

Solution

  • If your using express 3.x you need to use express.cookieSession:

    app.configure(function () {

  ...

  app.use(express.cookieParser());
  app.use(express.cookieSession(
    { 
      secret: 'SECRET', 
      cookie: { maxAge: ... }
    }
  ));

    reference: http://expressjs.com/api.html#cookieSession

    UPDATE

    To wipeout the session:

    exports.signout = function(req, res) {
  req.session = null;
  res.redirect('/');
}