
Node.JS session without cookies

I have been trying but I have found out that iOS 5 by default doesn't accept cookies. I have been trying many different things even using Redis but still cannot get a session to persist for more than one request.

Without using cookies, what other session options do I have? I am about to roll a crude session module using Redis where I just send my own "session id" to and from but that seems like it could easily break.

Mitchell Simoens asked Feb 17 '12 04:02



2 Answers

If you cannot get the client to support cookies, perhaps you can put some data into LocalStorage, and then communicate that up to the server to connect to the session, and structure it like a single-page app.

It'd look something like this:

server                            |         client
send initial payload, with token  -->       store token in LocalStorage
initial payload contains some script

                                 <-- XHR request for /data?sessid=XXXXX
look up session, do stuff        -->  handle result, update DOM, do more XHR  

Are web sockets supported? You could use Socket.io to do the transport, which would be a lot less latency.

isaacs answered Sep 24 '22 05:09


I am almost sure you will want to use cookies. The other alternative would be to append a session id to every request via a URL param and persist this across your app, leveraging some kind of middleware to make sure it's appended to every URL. You could do this by parsing your responses or by hijacking your template engine to include this in every link and form. I find it really strange that iOS doesn't have cookies. I am almost sure that this is incorrect, can you please link where you read that?

j_mcnally answered Sep 20 '22 05:09
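
Both answers come down to the server issuing a session id and the client sending it back on every request. The sketch below is an added example, not code from either answer: it assumes the client keeps the id in LocalStorage and returns it in an `Authorization: Bearer` header instead of the `?sessid=` query parameter, since URLs end up in access logs, browser history and Referer headers. The function names, the in-memory `Map` standing in for Redis and the 15-minute timeout are all assumptions.

```javascript
// Added example: cookie-less session store. All names are hypothetical.
const crypto = require('node:crypto');

const IDLE_MS = 15 * 60 * 1000;   // assumed idle timeout
const sessions = new Map();       // stand-in for Redis: sha256(id) -> record

// Key the store by a hash of the id, so a dump of the store yields no live ids.
const keyFor = (id) => crypto.createHash('sha256').update(id).digest('hex');

// Issue a 256-bit id from the CSPRNG; it is sent once, in the initial payload.
function createSession(data, now = Date.now()) {
  const id = crypto.randomBytes(32).toString('base64url'); // 43 characters
  sessions.set(keyFor(id), { data, expires: now + IDLE_MS });
  return id;
}

// Accept the id only from "Authorization: Bearer <id>" and only in the
// exact shape createSession produces; anything else is treated as absent.
function extractId(headers) {
  const m = /^Bearer ([A-Za-z0-9_-]{43})$/.exec(headers.authorization || '');
  return m ? m[1] : null;
}

// Return the session data, or null when the id is missing, unknown or expired.
function lookup(headers, now = Date.now()) {
  const id = extractId(headers);
  if (!id) return null;
  const key = keyFor(id);
  const rec = sessions.get(key);
  if (!rec) return null;
  if (rec.expires <= now) { sessions.delete(key); return null; }
  rec.expires = now + IDLE_MS;    // sliding expiry on each valid request
  return rec.data;
}

// Logout must invalidate the id on the server, not just clear LocalStorage.
function destroy(headers) {
  const id = extractId(headers);
  return id ? sessions.delete(keyFor(id)) : false;
}

// Request handler for http.createServer(): 401 without a valid session.
function handler(req, res) {
  const session = lookup(req.headers);
  res.writeHead(session ? 200 : 401, {
    'Content-Type': 'application/json',
    'Cache-Control': 'no-store',  // keep session-bound responses out of caches
  });
  res.end(JSON.stringify(session ? { user: session.user } : { error: 'no session' }));
}
```

An id held in LocalStorage is readable by any script running on the page, so this design depends on the page being free of XSS in a way an HttpOnly cookie does not.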