Session for secure api: session not written

24 views
Skip to first unread message

Reutan

unread,
Mar 2, 2015, 7:39:40 AM3/2/15
to sai...@googlegroups.com
Hi !

I use the last version of Sails (0.11) and only the back end for API.

I have an API with user and I want secure this API.
So I use  req.session.authenticated to control that (in my policy).

But I think my session is not written because  req.session.authenticated is null in my policy.

My test project is here : https://bitbucket.org/kapik/test-sails/

Do you have an idea of this problem ??

Thank in advance for your help !

juantonio v

unread,
Mar 2, 2015, 10:57:19 PM3/2/15
to sai...@googlegroups.com
Im speak spanish sorry my english,

when creating the session write req.session.authenticated =true;

and redirects (res.redirect ('tu / path'))


Reutan

unread,
Mar 3, 2015, 7:13:37 AM3/3/15
to sai...@googlegroups.com
I don't need redirection: I use the back end only.
My workflow:
  • I use /login to authenticate the user: the session server know the user and set session.authenticated = true
  • Next I use /user to retrieve users: session.authenticated == true so I should be able to retrieve this data but session is not correctly set

Session is a back-end session ??
If not, I have to use a solution with token.

What do you think ?
Reply all
Reply to author
Forward
0 new messages