In node.js and express, there are many examples showing how to get session data.
As you can see when you visit the 3rd link, it's a link to StackOverflow. There was a good answer, but as pointed out in those comments by @UpTheCreek, connect no longer has the parseCookie method. I have just run into this problem as well. All of the tutorials I have found uses connect's parseCookie
method which now doesn't exist. So I asked him how we can get the session data and he said he doesn't know the best approach so I thought I'd post the question here. When using express@3.0.0rc4
, and redis
, how can we get session data and use that to authorize the user? I've been able to use require('connect').utils.parseSignedCookie;
, but when I do that, I always get a warning/error when handshaking,
warn - handshake error Error
and from what I've read it sounds like that isn't a permanent solution anyways.
Ok I got
working on my server. And as I suspected, I got stuck at the point of authorizing. I think I might be going about this the wrong way, so feel free to correct me. In my Redis database, I will have user's information. The first time that they login, I want to update their cookie so it contains their user information. Then the next time they come back to the site, I want to check if they have a cookie and if the user information is there. If it is not there, I want to send them to the login screen. At the login screen, when a user submits information, it would test that information against the Redis database, and if it matches, it would update the cookie with user information. My questions are these:
1) How can I update/change a cookie through RedisStore?
2) It looks like session data is saved only in cookies. How can I keep track of user information from page to page if someone has cookies turned off?
Here is my applicable code:
//...hiding unapplicable code...
var redis = require('');
var client = redis.createClient();
var RedisStore = require('connect-redis')(express);
var redis_store = new RedisStore();
var cookieParser = express.cookieParser('secret');
//...hiding unapplicable code...
app.use(express.session({secret: 'secret', store: redis_store}));
//...hiding code that starts the server and
var SessionSockets = require('');
var ssockets = new SessionSockets(io, redis_store, cookieParser);
io.set('authorization', function(handshake, callback){
//var cookie = parseCookie(handshake.headers.cookie);
// handshake.user = cookie.user;
callback(null, true);
ssockets.on('connection', function(err, socket, session){ ... });
After switching to
for a while I ran into a few problems due to the asynchronous nature of the module when loading the session information. So I ended up creating my own module called It is used like this:Your questions:
Cookies / Sessions / RedisStore Thoughts:
Example node.js Code:
Session and Cookie Thoughts:
Session data is available with:
Have a look at's wiki. Especially the parts Configuring Socket.IO and Authorization and handshaking.
It shows how to use with a
and gives two different authorization methods.More information about connecting express v3, redis and