Edit Cookie Properties - subdomains, httpOnly, expiration


mark

Jan 3, 2011, 12:54:08 AM
to Express
Hi,
I'm getting started with the session and cookie management of
express.js.
I have a few questions so far:
1) I get separate cookies generated for a subdomain and the root
domain of my website, whereas I would rather use the same cookie. For
example. www.mydomain.com generates one cookie and mydomain.com
generates another one. Is there a way for them to use the same cookie?
2) How can I set other options for the cookie? Eg. set the secure
cookie flag, or the httpOnly flag?
3) How can I change the expiration time for the cookies?
4) This may be the same question as #3, but what is the 'reapInterval'
for a session store?

As background, I'm trying to implement a log-in system for my website.
After a user logs in, I'm going to store their cookie sessionID into
my database (mongodb).

Thanks!
Mark

vision media [ Tj Holowaychuk ]

Jan 3, 2011, 11:42:22 AM
to expre...@googlegroups.com
Hey,

as shown here http://expressjs.com/guide.html#res-cookie-name-val-options- you simply pass the options object with the cookie options that you want to define. reapInterval is for the MemoryStore only, which has a setInterval() to remove or "reap" stale sessions, it should be used for dev or test envs only. Also for the session cookies as shown here you can pass them to the session store options: http://senchalabs.github.com/connect/session.html


--
You received this message because you are subscribed to the Google Groups "Express" group.
To post to this group, send email to expre...@googlegroups.com.
To unsubscribe from this group, send email to express-js+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/express-js?hl=en.




--
Tj Holowaychuk
Vision Media
President & Creative Lead

mark

Jan 3, 2011, 7:09:15 PM
to Express
Cool, thanks. So for the session cookies, I should be able to do this
right?


    express.session(
      {'store': ...},
      {expires: new Date(Date.now() + 1000*60*60*24*5), httpOnly: true }
    )
    ...

When I try that though, the 'expires' field doesn't get changed, as it
does when I try it with response.cookie(...).

Mark


vision media [ Tj Holowaychuk ]

Jan 3, 2011, 7:33:05 PM
to expre...@googlegroups.com
the api kinda sucks right now but the memory store could / in most cases uses the expires option, as well as the session store so you do:

    var MemoryStore = express.session.MemoryStore;
    express.session({ store: new MemoryStore({ cookie: { ... }}) });

kinda awkward, there is a method to my madness, but this api sucks haha


mark

Jan 24, 2011, 2:04:16 AM
to Express
hmm, came back to this page when googling for "express.js cookies", so
I suppose I might as well post my working example code for everyone's
benefit.
I'm using masylum/connect-mongodb for the mongoSessionStore:

    express.session({
      'key': 'sid',
      'secret': 'supersecret',
      'store': mongoSessionStore({
        'dbname': 'dev', 'host': '127.0.0.1', 'port': '27017',
        'collection': 'sessions',
        'cookie': { 'httpOnly': true, 'domain': '.example.com' },
        'maxAge': 1000*60*60*24*365*2
      })
    }),


Mark
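
Added example, not part of the original posts and not Express or Connect code: a dependency-free sketch of the browser-side cookie domain rules (RFC 6265), showing why the `domain: '.example.com'` setting in the post above lets `www` and the bare domain share one session cookie, and that every other subdomain then receives it as well. The function names (`domainMatches`, `cookieSentTo`, `recipients`, `serializeCookie`) and the host names are hypothetical, constructed for illustration; public-suffix and IP-address checks are omitted.

```javascript
// Added example, not from the thread; host names below are constructed samples.

// RFC 6265 section 5.1.3: a host domain-matches if it equals the domain or is
// a subdomain of it. A leading dot in the attribute is ignored (section 5.2.3).
function domainMatches(host, domainAttr) {
  const h = host.toLowerCase();
  const d = domainAttr.toLowerCase().replace(/^\./, '');
  return h === d || h.endsWith('.' + d);
}

// Would a browser send the cookie to requestHost, given the host that set it
// and the Domain attribute? No Domain attribute means a host-only cookie.
function cookieSentTo(requestHost, setByHost, domainAttr) {
  if (!domainAttr) return requestHost.toLowerCase() === setByHost.toLowerCase();
  // A cookie whose Domain does not cover the setting host is rejected outright.
  if (!domainMatches(setByHost, domainAttr)) return false;
  return domainMatches(requestHost, domainAttr);
}

function recipients(hosts, setByHost, domainAttr) {
  return hosts.filter((h) => cookieSentTo(h, setByHost, domainAttr));
}

// Build a Set-Cookie value from options shaped like the ones in the thread.
// maxAge is in milliseconds; Max-Age on the wire is in seconds.
function serializeCookie(name, value, opts = {}, now = Date.now()) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.domain) parts.push(`Domain=${opts.domain}`);
  parts.push(`Path=${opts.path || '/'}`);
  if (opts.maxAge != null) {
    parts.push(`Max-Age=${Math.floor(opts.maxAge / 1000)}`);
    parts.push(`Expires=${new Date(now + opts.maxAge).toUTCString()}`);
  }
  if (opts.httpOnly) parts.push('HttpOnly'); // hidden from document.cookie
  if (opts.secure) parts.push('Secure');     // only sent over HTTPS
  return parts.join('; ');
}

const HOSTS = ['example.com', 'www.example.com', 'blog.example.com', 'badexample.com'];

console.log(serializeCookie('sid', 'abc123',
  { domain: '.example.com', httpOnly: true, secure: true, maxAge: 1000 * 60 * 60 * 24 * 5 }));
console.log('host-only, set by www:', recipients(HOSTS, 'www.example.com'));
console.log('Domain=.example.com  :', recipients(HOSTS, 'www.example.com', '.example.com'));
```

The second `recipients` call lists `blog.example.com` too: a domain-wide session cookie is readable by every subdomain's server, so it is only as safe as the least trusted host under that domain.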
