Node+Passport.js + Sessions + multiple servers

2019-04-12 10:23发布

Passport is great. I now discovered that I have some problem with how it handles sessions. I must be using it wrong.

All works well for me with login + sessions + user data I store in my database. However I find that when I move to production environment (cloud on EC2 with multiple servers), I lose the login session each time. This is now clear to me - probably happens since the session is unique to each server.

So my question is - how do I get around this.. I guess I will need to store my own cookie on the user's browser?

Does this mean that I cannot use express.session at all?

Thanks, Ilan

2条回答
再贱就再见
2楼-- · 2019-04-12 11:02

OK, So basically what I was looking for (not sure it would be the same answer for everyone else) was a way to store session data between loadbalanced instances without making a DB call for every page view, which seems excessive to me, since I just need to keep the user signed in to Google/FB.

It seems that the answer I was looking for was the cookie-session middleware https://github.com/expressjs/cookie-session

This needs to replace the default express.session mechanism which uses MemoryStore. BTW MemoryStore itself gives you a warning when run that it will not scale past a single process, and also that it may cause a memory leak.

Which if I understand correctly is serializing the session data itself into the session cookie (encrypted) instead of just using a session ID in the session cookie. This seems perfect to me. Obviously I don't expect it to work if you have a lot of session data, since a cookie is limited in size. In my case, I just needed the name, ID and avatar url, so I think this will suffice. Thanks for everyone who helped.

查看更多
爷、活的狠高调
3楼-- · 2019-04-12 11:02

You need to store your session data in a 'global' area, that is accessible to all your servers. This could be redis or another DB.

Take the example from MEAN.JS. Here they use express-session with a MongoDB storage container (since they are a MEAN stack ; ), via connect-mongo. Their project is super easy to set up, if just for an example.

Code while setting up express is like this:

//top of file
var session = require( 'express-session' )
    mongoStore = require( 'connect-mongo' )( {
        session: session
    } );

//...later in setup

// Express MongoDB session storage
app.use( session( {
    saveUninitialized: true,
    resave: true,
    secret: config.sessionSecret,
    store: new mongoStore( {
        db: db.connection.db,
        collection: config.sessionCollection
    } )
} ) );

// use passport session
app.use( passport.initialize() );
app.use( passport.session() );
查看更多
登录 后发表回答