The problem is that sometimes the wrong user shows up on the screen (someone gets another user's session). It rarely happens, and I think it only happens when there is some concurrency.
If anything in this code could cause this behaviour, please point it out.
app.js -- this file has a schema and initiation of model and routes component
// Document shape for the `users` collection. The "etc" field presumably stands in
// for fields the author left out of the listing.
var userSchema = mongoose.Schema({
"_id": mongoose.Schema.Types.ObjectId,
"name": String,
"username":String,
"etc":String
});
// Assigned without `var`, so in non-strict code this becomes a process-wide global.
// usermodel.js reads it under this exact name.
userMongooseModel = mongoose.model('users',userSchema);
// One document per login session: it maps the cookie value (`sessionID`) to the
// owning user. `expire` is compared with Date.now() in checkSession.
// NOTE(review): nothing here declares `sessionID` unique or shows how the values
// are generated; confirm they are unique and unpredictable.
var sessionSchema = mongoose.Schema({
"userID": mongoose.Schema.Types.ObjectId,
"sessionID": String,
"expire":Number
});
// Also an implicit global; usermodel.js queries it in checkSession.
sessionMongooseModel = mongoose.model('sessions',sessionSchema);
var UserModel = require(basePath+'/models/UserModel.js').UserModel;
// Single shared instance, published as an implicit global; routes/user.js calls
// `userModel.checkSession(...)` on it.
userModel = new UserModel();
var user = require(basePath+'/routes/user');
routes/user.js -- this file is the detail about each route.
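/**
 * Render the profile edit page for the logged-in photographer.
 *
 * The session cookie is resolved through `userModel.checkSession`. A session
 * that resolves to a photographer gets the edit view; everything else is
 * redirected to `/photographerRedirect`.
 *
 * @param {Object} req - Express request; `req.cookies.session` carries the session cookie.
 * @param {Object} res - Express response.
 */
exports.editProfilePage = function(req, res) {
  // The response body depends on who is logged in. Without this header a shared
  // cache between server and browser may store the page and replay it to a
  // different visitor, which looks like one user receiving another's session.
  res.header('Cache-Control', 'private, no-store');

  // The callback argument is named `session` so it no longer shadows the HTTP
  // response object.
  userModel.checkSession(req.cookies.session, function(session) {
    if (session.status != 'success' || session.type != 'photographer') {
      // Not logged in, not a photographer, or rejected by checkSession (state 0).
      res.redirect(baseURL+'/photographerRedirect');
      return;
    }

    // NOTE(review): getByID is not shown on this page. Its result status is not
    // checked, so `profile.user` may be undefined if the lookup fails. Confirm.
    userModel.getByID(session.userID, {}, function(profile) {
      res.render(basePath+'/views/photographer-edit.html', {
        currentUser: session.user,
        user: profile.user,
        etc: 'etc'
      });
    });
  });
};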
usermodel.js -- this file is to retrieve data from database
var mongoose = require('mongoose');
var ObjectId = mongoose.Types.ObjectId;
var request = require('request');
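/**
 * Resolve a session cookie value to the user who owns that session.
 *
 * Looks the session up by `sessionID`, rejects it when it is missing or
 * expired, then loads the owning user.
 *
 * @param {string} sessionID - Session cookie value as received from the client (untrusted).
 * @param {function(Object): void} callback - Called once with either
 *   `{status:'success', userID, user, type, etc}` or `{status:'fail', errorMsg, ...}`.
 *   Database errors are reported as `errorMsg:'notFound'`, like a missing session.
 */
UserModel.prototype.checkSession = function(sessionID, callback) {
  var notFound = function() {
    callback({status:'fail',errorMsg:'notFound'});
  };

  // The value comes straight from a cookie. Only a non-empty string can be a
  // session ID. A missing cookie or a value the cookie parser decoded into an
  // object/array would not reach the query as a literal to match, so it could
  // select a session that does not belong to the caller. Reject those before
  // querying. nextTick keeps the callback asynchronous, as on every other path.
  if (typeof sessionID !== 'string' || sessionID === '') {
    process.nextTick(notFound);
    return;
  }

  sessionMongooseModel.findOne({sessionID: sessionID}, function(err, session) {
    if (err || session == null) {
      notFound();
      return;
    }

    // `expire` is compared with Date.now(). A session at or past it is treated
    // like one that does not exist.
    if (!(session.expire > Date.now())) {
      notFound();
      return;
    }

    // NOTE(review): the projection as listed does not name `type`, yet
    // `user.type` is read below. It is presumably among the fields elided as
    // "etc". Confirm.
    userMongooseModel.findOne({_id: session.userID}, {studioName:1,state:1,etc:1}, function(err, user) {
      if (err || user == null) {
        notFound();
        return;
      }

      // Photographers in state 0 are rejected even though the session is valid.
      if (user.type == 'photographer' && user.state == 0) {
        callback({status:'fail',errorMsg:'wrongUserState',userID:user._id,user:user,etc:1});
        return;
      }

      callback({status:'success',userID:user._id,user:user,type:user.type,etc:1});
    });
  });
};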
/**
 * Fetch several users with a single query.
 *
 * @param {Array} userIDs - IDs matched against `_id` with `$in`.
 * @param {Object} options - Handed to `find` unchanged as its second argument.
 * @param {function(Object): void} callback - Called with `{status:'success', users}`,
 *   or with `{status:'fail', errorMsg:'UserModel.find'}` when the query errors.
 */
UserModel.prototype.getByIDs = function(userIDs, options, callback) {
  var filter = { _id: { $in: userIDs } };

  userMongooseModel.find(filter, options, function(findError, found) {
    var result = findError
      ? { status: 'fail', errorMsg: 'UserModel.find' }
      : { status: 'success', users: found };

    callback(result);
  });
};
Thanks a lot !
(not sure if this is causing the problem, but it seems worth mentioning anyway)
Here, you're passing req.cookies.session, which is an object:
userModel.checkSession(req.cookies.session, ...);
But in checkSession, you're assuming it's an id:
UserModel.prototype.checkSession = function(sessionID, callback) {
sessionMongooseModel.findOne({sessionID:sessionID}, ...);
Just out of curiosity: any reason why you're not using one of the existing MongoDB-backed session stores for Express (like this one)?
Also, Mongoose has its own way of adding class methods to models, using statics.
The answer is ... cache
Something in the middle (an intermediary cache) cached the content and then sent that content to the wrong person, so it looked as if the sessions were mixed up.
The way out is to make the server send a no-cache flag to the client:
// `private` and `no-store` are the directives that address the problem described
// here: `private` tells shared caches (proxies, CDNs) not to store the response,
// and `no-store` tells every cache not to keep a copy at all.
// `max-stale` is defined as a request directive, and `post-check`/`pre-check` are
// legacy Internet Explorer extensions, so other caches are not expected to act on them.
// The header has to be set on every response whose content depends on the
// session cookie; setting it on one route leaves the others cacheable.
res.header('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0');