Compound/Express JS: Multiple sessions per user

StackOverflow https://stackoverflow.com/questions/21392136

Question

I have an app that is creating 2 sessions for each user. I have located the source of the issue, but I do not fully understand why it's happening and how to fix it. Let's say I scaffold an example app like so:

compound init blah
cd blah
npm install
npm install connect-mongo
compound g c mytest

Make config/environment.js look like this:

module.exports = function (compound) {
  var express = require('express');
  var app = compound.app;
  var secret = 'secret';  // Need this to check if there's been tampering with the session
  var MongoStore = require('connect-mongo')(express);
  app.sessionStore = new MongoStore({
    url: 'mongodb://localhost/development'
  });
  app.cookieParser = express.cookieParser(secret);

  app.configure(function() {
    app.use(express.static(app.root + '/public', { maxAge: 86400000 }));
    app.set('jsDirectory', '/javascripts/');
    app.set('cssDirectory', '/stylesheets/');
    app.set('cssEngine', 'stylus');
    compound.loadConfigs(__dirname);
    app.use(express.bodyParser());
    app.use(app.cookieParser);
    app.use(express.session({
      secret: secret,
      store: app.sessionStore,
      cookie: {
        maxAge: 86400000 // 24 hour session
      }
    }));
    app.use(express.methodOverride());
    app.use(app.router);
  });
};

And in the app/controllers/mytests_controller.js file, modify it to have this:

action('getMe', function(data) {
  return send({success: true, data: 'got you!'});
});

action(function index(data) {
  console.log(data.req.session);  // has session data
  var http = require('http');
  var options = {
    host: 'localhost',
    port: 3000,
    path: '/getMe'
  };
  //return send({success: true});
  http.get(options, function(res) {
    var data = '';
    res.on('data', function(chunk) {
      data += chunk;
    });
    res.on('end', function() {
      data = JSON.parse(data);
      if (data) {
        return send({success: true, data: data});
      }
      else {
        return send({success: false, data: 'data is undefined'});
      }
    });
  });
});

Update routes.js:

exports.routes = function (map) {
    map.resources('mytests');
    map.get('getMe', 'mytests#getMe');

    // Generic routes. Add all your routes below this line
    // feel free to remove generic routes
    map.all(':controller/:action');
    map.all(':controller/:action/:id');
};

When I navigate to localhost:3000/mytests, and crack open the Mongo database, I see 2 sessions created. If I uncomment that return in the index, I only get 1 session created, so it's clearly the http.get, but maybe I'm misunderstanding something else? Can anyone explain what's going on?

Ideally, I just want me browsing to /mytests to make a session and not any subsequent calls it makes.

Note: I realize this example is pretty dumb with the /getMe endpoint just returning some JSON, but in my actual app, it's doing a bit more and making a service call.

Cross-posted from the CompoundJS and Express Google Groups.

Was it helpful?

Solution

I don't like this answer, but I figured I'd post my quick fix for the time being:

I'm setting a credentials field in the user's session, so what I'm doing is just checking to see if credentials exists in the /getMe session. If it doesn't, delete the session. Here's the updated code:

app/controllers/mytests_controller.js

action('getMe', function(data) {
  // Added this part
  var session = data.req.session;
  if (session && !session.credentials) {
    session.destroy();
  }

  return send({success: true, data: 'got you!'});
});

action(function index(data) {
  // Added this part
  var session = data.req.session;
  if (session) {
    session.credentials = "blah blah blah";
  }

  var http = require('http');
  var options = {
    path: '/getMe',
    host: 'localhost',
    port: 3000
  };
//  return send({success: true});
  http.get(options, function(res) {
    var data = '';
    res.on('data', function(chunk) {
      data += chunk;
    });
    res.on('end', function() {
      data = JSON.parse(data);
      if (data) {
        // make call for proper config file based on cookie.role
        return send({success: true, data: data});
      }
      else {
        return send({success: false, data: 'data is undefined'});
      }
    });
  });
});

Like I said, it's not ideal, so I would love to hear other answers... maybe if there's a way to send a session through an http.get or even telling the http.get to not create a session would be awesome.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top