Express Session

[Saransh Mohapatra]

I am building an app using expressjs, I want to use sessions where session data is stored in server-side and the cookie only contains the encrypted key to it. I seen a lot of examples that express does the same. But my problem is that they seem to use express.session where as Express docs doesn't specify any such middleware right now. It has cookieSession and I am not very sure as to what kind of sessions it provides.

I tried to search for the same, but could not find any suitable information, so this question. Please help me out. 

If it only cookie-based encryption and holds all the data in the cookie only. Than I just wanted to know is it safe enough to be used. I know it can't be tempered and all. But still I get a feeling that the best option is the one I mentioned above.

If it the same as express session than I have one more question as to which session data-store should I use? I want it to be fast and also reliable(it doesn't get deleted). Basically my choice is between connect-redis and connect-mongo.

Please help me out.

[Jérémy Lal]

On 24/06/2013 17:33, Saransh Mohapatra wrote:
> I am building an app using expressjs, I want to use sessions where
> session data is stored in server-side and the cookie only contains
> the encrypted key to it. I seen a lot of examples that express does
> the same. But my problem is that they seem to use express.session
> where as Express docs doesn't specify any such middleware right now.
> It has cookieSession and I am not very sure as to what kind of
> sessions it provides.

That's because it comes from connect:
http://www.senchalabs.org/connect/middleware-session.html

> I tried to search for the same, but could not find any suitable
> information, so this question. Please help me out. If it only
> cookie-based encryption and holds all the data in the cookie only.
> Than I just wanted to know is it safe enough to be used. I know it
> can't be tempered and all. But still I get a feeling that the best
> option is the one I mentioned above.
>
> If it the same as express session than I have one more question as to
> which session data-store should I use? I want it to be fast and also
> reliable(it doesn't get deleted). Basically my choice is between
> connect-redis and connect-mongo. Please help me out.

I'm using connect-mongo with something like:
app.use(express.cookieParser(config.secret));
if (config.database) {
var MongoStore = require('connect-mongo')(express);
app.use(express.session({store: new MongoStore({
url: config.database
})}));
}

J�r�my.

[Jose G. Quenum]

redisStore is another good option

> Jérémy.
>
> --
> You received this message because you are subscribed to the Google Groups "Express" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to express-js+...@googlegroups.com.
> To post to this group, send email to expre...@googlegroups.com.
> Visit this group at http://groups.google.com/group/express-js.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

[Saransh Mohapatra]

Is it Fast enough compared to connect-redis? I want to know what are the basic difference I will have between the two?

J�r�my.

[Saransh Mohapatra]

But I am little concerned regarding the persistence in redis? Some say it can loose data.

[Jose G. Quenum]

On Jun 24, 2013, at 7:18 PM, Saransh Mohapatra <saran...@gmail.com> wrote:

Is it Fast enough compared to connect-redis? I want to know what are the basic difference I will have between the two?

RedisStore uses connect-redis. You just have to pass it a redis client like in the following example

RedisStore = require('connect-redis')(express)

redisClient = require('redis').createClient()

app.use express.cookieParser("secret string")

app.use express.session {

store: new RedisStore({

client: redisClient

         })

         cookie: {

              maxAge: new Date(Date.now() + 86400000)

         }

}

[Jose G. Quenum]

I think to a large extent redis is still reliable including its persistence