log out - how to create new sessionID


mark

Jan 24, 2011, 3:02:09 AM
to Express
Hi,

I have a login/registration system working like this:
- when a user registers, I have a db record like this
  {_id: 'BaDDyvSiAoUrXGgsHiV3yiT.gYS8qDKyUo4Hk2L/x90VVR13It2L2pNK0hVaTrjyAp0', "lastAccess": NumberLong("1295854752511"), user: {firstname: 'billy', lastname: 'bob', location: 'usa'} }
- that info is all in the session store, so it's also in req.session.
ie. req.session.user.firstname = 'billy' and req.sessionID =
'BaDDyv....'

Now I'm trying to write the log out function. I want to change the
sessionID in the response, and leave the _id in the db the same. I
tried req.session.regenerate() , but that also clobbers the other info
I'm storing in the session (ie. req.session.user). Is there a way to
change the user's sessionID without clobbering the saved entry in the
session store?

Alternatively, if I could figure out how to generate a new sessionID
the same way that express does it, then I could change the value
stored in the database and let the user keep their old sessionID.
However, I can't figure out how to use express's session.js to
generate a new sessionID easily. I kinda just want a way to call just
the first two lines of the generate function in session.js:
    var generate = store.generate = function(){
        var base = utils.uid(24);
        var sessionID = base + "." + hash(base);
        req.sessionID = sessionID;
        req.session = new Session(req);
    };


Any tips?

Thanks,
Mark

Ciaran

Jan 24, 2011, 3:32:44 AM
to expre...@googlegroups.com
On Mon, Jan 24, 2011 at 8:02 AM, mark <marks...@gmail.com> wrote:
> Hi,
>
> I have a login/registration system working like this:
> - when a user registers, I have a db record like this
> {_id: 'BaDDyvSiAoUrXGgsHiV3yiT.gYS8qDKyUo4Hk2L/
> x90VVR13It2L2pNK0hVaTrjyAp0', "lastAccess" :
> NumberLong("1295854752511"), user: {firstname: 'billy', lastname:
> 'bob', location: 'usa'} }
> - that info is all in the session store, so it's also in req.session.
> ie. req.session.user.firstname = 'billy' and req.sessionID =
> 'BaDDyv....'
>
> Now I'm trying to write the log out function. I want to change the
> sessionID in the response, and leave the _id in the db the same. I
> tried req.session.regenerate() , but that also clobbers the other info
> I'm storing in the session (ie. req.session.user). Is there a way to
> change the user's sessionID without clobbering the saved entry in the
> session store?
Just out of interest, did you take a look at
github.com/ciaranj/connect-auth ? That has log-out functionality,
but it doesn't bother generating a new session identifier to do it,
just marks the current session as un-authenticated ?
- cj.

mark

Jan 26, 2011, 12:19:40 AM
to Express
Thanks Ciaran, I'll look into that.

As a workaround for now, I just replaced the sessionID in the database
with a newly generated sessionID (by replicating express' session
generation), leaving the user's sessionID alone.

Mark
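
The re-keying approach discussed in this thread, as an added example that is not part of the original posts and is not Express or Connect source: it issues an ID in the quoted `base + "." + hash(base)` shape, moves the stored record under the new ID, and drops the old key so the old ID stops resolving. Assumptions: `hash` is modelled as HMAC-SHA256 with a server secret, a `Map` stands in for the database-backed store, and all function names and sample values are hypothetical.

```javascript
// Added example, not Express/Connect code. All data below is constructed.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: server-side signing key

// Assumed stand-in for hash() in the quoted snippet: HMAC-SHA256, unpadded base64.
function hash(base, secret) {
  return crypto.createHmac('sha256', secret).update(base).digest('base64').replace(/=+$/, '');
}

// Same shape as the quoted generate(): random base + "." + hash(base).
function newSessionID(secret) {
  const base = crypto.randomBytes(18).toString('base64'); // 24 chars from a CSPRNG
  return base + '.' + hash(base, secret);
}

// Reject IDs this server did not issue; the comparison is constant-time.
function isWellFormed(id, secret) {
  const dot = id.indexOf('.');
  if (dot <= 0) return false;
  const expected = Buffer.from(hash(id.slice(0, dot), secret));
  const given = Buffer.from(id.slice(dot + 1));
  return expected.length === given.length && crypto.timingSafeEqual(expected, given);
}

// Move the stored record to a fresh key: the data survives, the old ID is dead.
function rotateSessionID(store, oldID, secret) {
  if (!isWellFormed(oldID, secret) || !store.has(oldID)) return null;
  const record = store.get(oldID);
  const freshID = newSessionID(secret);
  store.set(freshID, record);
  store.delete(oldID); // a request presenting oldID now finds no session
  return freshID;
}

// Constructed demo run against an in-memory store.
function demo() {
  const store = new Map();
  const oldID = newSessionID(SECRET);
  store.set(oldID, { lastAccess: 0, user: { firstname: 'billy', lastname: 'bob', location: 'usa' } });
  const freshID = rotateSessionID(store, oldID, SECRET);
  return { store, oldID, freshID };
}
```

Whether the fresh ID is sent back in the cookie decides the outcome: withheld, the client's old cookie matches nothing and the user is logged out; returned, the user continues under the new ID with the same stored data.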
