I've followed tutorials on how to create a node express app with cookie parsing and a MemoryStore as Session store. But after installing the latest versions of some modules my app isn't working anymore. Yesterday I installed the latest versions of "express", "connect" and "cookie" and now I cannot get the sessions out of the MemoryStore anymore.
Below is the simple app that I've set up to reproduce the problem:
server.js -----------
var express = require('express');
var MemoryStore = express.session.MemoryStore;
var sessionStore = new MemoryStore();
var connect = require('connect');
var Session = connect.middleware.session.Session;
var cookie = require('cookie');
module.exports.startServer = function() {
var app = express();
// Configuration
app.configure(function() {
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.cookieParser());
app.use(express.session({
store : sessionStore,
secret : 'secret',
key : 'express.sid'
}));
app.use(express.static(__dirname + '/public'));
app.use(app.router);
});
app.configure('development', function() {
app.use(express.errorHandler({
dumpExceptions : true,
showStack : true
}));
});
app.configure('production', function() {
app.use(express.errorHandler());
});
// Init routes
app.post('/login', function(req, res){
var credentials = req.body;
if (!(credentials.username && credentials.password)){
res.redirect('/login.html');
return;
}
if (credentials.username === 'user1' && credentials.password === 'pass1'){
req.session.user = credentials.username;
req.session.clientId = credentials.clientId;
res.redirect('/post-message.html');
}else{
req.session.destroy();
res.redirect('/login.html');
}
});
app.post('/postMsg', authenticate, function(req, res){
res.send('posted');
});
app.listen(4000);
function authenticate(req, res, next) {
// check if there's a cookie header
if (req.headers.cookie) {
// if there is, parse the cookie
req.cookie = cookie.parse(req.headers.cookie);
req.sessionID= req.cookie['express.sid'];
// note that you will need to use the same key to grad the
// session id, as you specified in the Express setup.
sessionStore.get(req.sessionID, function(err, session) {
if (session && session.user) {
// save the session data and accept the connection
req.session = new Session(req, session);
next();
}
else {
//Turn down the connection
res.redirect('/login.html');
}
});
} else {
// if there isn't, turn down the connection with a message
// and leave the function.
res.redirect('/login.html');
}
}
};
I can see in the debugger that everything seems to work fine until I'm trying to post a message by calling the "/postMsg" route. Then it enters the "authenticate"-function and tries to get the session with the "req.sessionID" from the sessionStore. That does not suceed anymore and the sessionStore.get returns undefined for the session. But if I look in the sessionStore using the debugger I can see that there is a session in the store and it also seems to match the sessionID.
Does anyone know what's wrong with my script?
Thanks for help!