I'm using express and passport module for authentication. I tried in different ways to do redirection after session cookie expires without results. Currently I'm trying with a schedule function after login action. I have the following code:
var express = require('express')
, passport = require('passport')
, util = require('util')
, LocalStrategy = require('passport-local').Strategy
, schedule = require('node-schedule');
var users = [
{id: 1, username: 'user', password: 'passwd'}
];
function findById(id, fn) {
var idx = id - 1;
if (users[idx]) {
fn(null, users[idx]);
} else {
fn(new Error('User ' + id + ' does not exist'));
}
}
function findByUsername(username, fn) {
for (var i = 0, len = users.length; i < len; i++) {
var user = users[i];
if (user.username === username) {
return fn(null, user);
}
}
return fn(null, null);
}
passport.serializeUser(function(user, done) {
done(null, user.id);
});
passport.deserializeUser(function(id, done) {
findById(id, function (err, user) {
done(err, user);
});
});
passport.use(new LocalStrategy(
function(username, password, done) {
process.nextTick(function () {
findByUsername(username, function(err, user) {
if (err) { return done(err); }
if (!user) { return done(null, false, { message: 'Unknown user ' + username }); }
if (user.password != password) { return done(null, false, { message: 'Invalid password' }); }
return done(null, user);
})
});
}
));
var app = express.createServer();
app.configure(function() {
app.set('views', __dirname + '/views');
app.set('view engine', 'ejs');
app.use(express.logger());
app.use(express.cookieParser());
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.session({ secret: 'keyboard cat', cookie: {maxAge: 10000}}));
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
app.use(express.static(__dirname + '/../../public'));
});
app.get('/', function(req, res){
res.render('index', { user: req.user });
});
app.get('/login', function(req, res){
res.render('login', { user: req.user, message: 'error' });
});
app.post('/login',
passport.authenticate('local', { failureRedirect: '/login', dfailureFlash: true }),
function(req, res) {
res.redirect('/');
dateExpiration = new Date(Date.now() + 10000);
var j = schedule.scheduleJob(dateExpiration, function(){
console.log('Cookie expiration event');
// How can I redirect to login page after cookie session expires?
//redirect('/login')
});
});
app.get('/logout', function(req, res){
console.log('Logout');
req.logout();
res.redirect('/');
});
app.listen(3000);
function ensureAuthenticated(req, res, next) {
if (req.isAuthenticated()) { return next(); }
res.redirect('/login')
}
Is there another way to detect session cookie expiration event in node.js so that I can redirect to another page?. Thank you.
So, if I understand what you're asking properly, you can't really "detect" a cookie expiration per se.
If a cookie is expired, the browser will not send it to the server, which is to say, cookie expiration actually happens on the browser side, not the server side.
However, if you wanted to "fake" it, you might try something like the following psuedocode:
on "login":
set a cookie that expires in 100x \
the amount of time it takes your session to expire
on "ensureAuthenticated":
check for req.user
if i don't have req.user but have my other cookie
Fire my expiration event, which unsets the other cookie
if i don't have req.user or my other cookie
Send the user to the login page
if i've got req.user
Re-set my other cookie so that i update the expiration
Might not be 100% of what you're looking for, but should be close.