As far as I have studied so far from Stack Overflow answers regarding making sessions persistent after a server restart,
there are 4 possible ways which I am considering for my MEAN app.
Now my doubt is: if I restart my server, with Mongo and Redis the session will still be there, as they are external data stores. But how do I make my session persistent using JWT and cookie sessions? Where are these session variables stored?
In the case of passport.js, the solution I came across to make the session persistent is to store session data in connect-mongo/connect-redis.
Is there any other way in Passport to make sessions persistent?
In this case, if we make any changes to the project then we will have to restart the server by killing it using CTRL+C and then typing the same command again. It is a very hectic task for the development process.
js application locally after closing the terminal or application, to run the Node.js application permanently. We use npm modules such as forever or PM2 to ensure that a given script runs continuously. npm is the default package manager for Node.
You can use nodemon to start a Node script. For example, if you have an Express server set up in a server.js file, you can start nodemon and watch for changes like this: nodemon server.
If you store the session in external storage, then after a restart it should be available.
Passport is not responsible for sessions. You set up the session independently from Passport in Express. Passport is authentication middleware with a strategy to use your session. You set up the Express session:
app.use(express.session(sessionOptions)); // sessionOptions: your session options object
and after that you initialize and set up Passport to use the session:
app.use(passport.initialize());
app.use(passport.session());
It means that regardless of whether you use Passport or not, the session configuration will be the same.
There are a few ways to make sessions persistent. Most of them store the session in a DB or in the file system (memory storage is appropriate only in a dev environment). Please look at this npm search list link.
List of compatible session stores from the official express-session page: https://github.com/expressjs/session#compatible-session-stores
A JWT token, if properly implemented, is stateless. It means that your server does not store any session data; it doesn't know how many sessions are valid. It authorizes a request if it has a valid JWT token.
A JWT token can store some data, like your user id. When your server receives a token, it decodes and validates it, and then you have access to the data from this token. Please read this article for more details:
https://stormpath.com/blog/jwt-the-right-way/
Most important parts (there are more important things, but these are sometimes forgotten):
Always verify the signature before you trust any information in the JWT
and:
Do not contain any sensitive data in a JWT
Please look at this module for maintaining JWT:
https://www.npmjs.com/package/json-web-token
or even, for a hybrid solution, this module (Redis session with JWT token):
https://www.npmjs.com/package/jwt-redis-session
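The stateless token check described in the answer above, as an added example that is not part of the original answer or of any module it links to: the server keeps only the signing secret, so a token issued before a restart still verifies afterwards. The function names, the secret and the sample claims are constructed for illustration.

```javascript
// Added example: stateless HS256 session token built on Node's crypto module only.
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

function hmac(data, secret) {
  return crypto.createHmac('sha256', secret).update(data).digest();
}

// Issue a token. The payload is only encoded, not encrypted, so keep sensitive data out of it.
function signSession(payload, secret, ttlSeconds, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const body = b64url(JSON.stringify({ ...payload, exp }));
  const sig = b64url(hmac(`${header}.${body}`, secret));
  return `${header}.${body}.${sig}`;
}

// Verify the signature first; parse and trust the claims only after it matches.
function verifySession(token, secret, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    // Pin the algorithm instead of accepting whatever the header claims.
    if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    if (typeof claims.exp !== 'number' || claims.exp <= Math.floor(now / 1000)) return null;
    return claims;
  } catch { return null; }
}

// Constructed sample values; a real secret comes from configuration, not source code.
const SECRET = 'constructed-demo-secret';
const T0 = 1700000000000;
const token = signSession({ sub: 'user-42' }, SECRET, 3600, T0);

// Swap the payload without re-signing, as a client-side edit of the token would.
function tamper(tok) {
  const [h, , s] = tok.split('.');
  return `${h}.${b64url(JSON.stringify({ sub: 'admin', exp: 9999999999 }))}.${s}`;
}

console.log(verifySession(token, SECRET, T0 + 1000));         // claims object
console.log(verifySession(tamper(token), SECRET, T0 + 1000)); // null
```

Because nothing is stored server-side, revoking a single token before its `exp` needs extra state such as a denylist, which is what the hybrid Redis approach addresses.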