I have been trying but I have found out that iOS 5 by default doesn't accept cookies. I have been trying many different things even using Redis but still cannot get a session to persist for more than one request.
Without using cookies, what other session options do I have? I am about to roll a crude session module using Redis where I just send my own "session id" to and from but that seems like it could easily brake.
The HTTP POST method provides an alternative to cookies to maintain session state. The HTTP POST method provides the same state information as would a cookie but has the advantage that it works even when cookies are not available.
Cookie session is basically used for lightweight session applications where the session data is stored in a cookie but within the client [browser], whereas, Express Session stores just a mere session identifier within a cookie in the client end, whilst storing the session data entirely on the server.
It contains only an encrypted ID that is used by the server to identify which session object corresponds with that user. Session data is then only available on the server itself which further insulates it from some types of attacks.
If you cannot get the client to support cookies, perhaps you can put some data into LocalStorage, and then communicate that up to the server to connect to the session, and structure it like a single-page app.
It'd look something like this:
server | client
send initial payload, with token --> store token in LocalStorage
initial payload contains some script
<-- XHR request for /data?sessid=XXXXX
look up session, do stuff --> handle result, update DOM, do more XHR
Are web sockets supported? You could use Socket.io to do the transport, which would be a lot less latency.
I am almost sure you will want to use cookies. The other alternative would be to append a session id to every request via a url param and persist this across your app leveraging some kind of middleware to make sure its appended to every URL. You could do this by parsing your responses or by hijacking your template engine to include this in every link and form. I find it really strange the iOS doesn't havent cookies. I am almost sure that this is incorrect, can you please link where you read that?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With