session-cookies

Express 4 Sessions not persisting when restarting server

 ̄綄美尐妖づ posted on 2019-11-27 20:34:12
I have an Express 4 app setup to have sessions.

    // Sessions
    app.use(cookieParser());
    app.use(session({ secret: "some-secret" }));

    // Signup
    app.post("/signup", function (req, res) {
      create_user(req.body.user, function (err, user_id) {
        req.session.user_id = user_id;
        res.redirect("/admin");
      });
    });

When I submit the form, it saves the user_id to the req.session. However, when I restart the server, the session is gone. Why isn't it persisting? Am I missing some configuration?

The default session store for express-session is MemoryStore, which as the name suggests, stores sessions in memory only.

Is a URL with // in the path-section valid?

六月ゝ 毕业季﹏ posted on 2019-11-27 20:23:54
I have a question regarding URLs: I've read the RFC 3986 and still have a question about one URL: If a URI contains an authority component, then the path component must either be empty or begin with a slash ("/") character. If a URI does not contain an authority component, then the path cannot begin with two slash characters ("//"). In addition, a URI reference (Section 4.1) may be a relative-path reference, in which case the first path segment cannot contain a colon (":") character. The ABNF requires five separate rules to disambiguate these cases, only one of which will match the path

How to delete cookies on an ASP.NET website

一曲冷凌霜 posted on 2019-11-27 19:56:58
In my website when the user clicks on the "Logout" button, the Logout.aspx page loads with code Session.Clear() . In ASP.NET/C#, does this clear all cookies? Or is there any other code that needs to be added to remove all of the cookies of my website? Kirill Try something like that: if (Request.Cookies["userId"] != null) { Response.Cookies["userId"].Expires = DateTime.Now.AddDays(-1); } But it also makes sense to use Session.Abandon(); besides in many scenarios. No, Cookies can be cleaned only by setting the Expiry date for each of them. if (Request.Cookies["UserSettings"] != null) {

ExpressJS session expiring despite activity

允我心安 posted on 2019-11-27 19:04:16
Bringing this question to SO since the express group didn't have an answer. I'm setting the session maxAge = 900000 and I see that the expires property on the session cookie is set correctly. However, on subsequent requests the timeout is not being extended. It is never extended and the cookie eventually expires. The session middleware docs say that Session#touch() isn't necessary because the session middleware will do it for me. I actually tried calling req.session.touch() manually and that did nothing, I also tried setting the maxAge on the req.session.cookie as well and that did

PHP session is getting reset between subdomains

折月煮酒 posted on 2019-11-27 18:48:43
Question: I have a website running with two subdomains, both of which require login (based on the same DB access credentials). In order to make it easier for users, I wanted to change it so they can navigate both subdomains without having to log in separately: essentially, they log in at one of the subdomains and can then freely navigate between one and the other. One solution I found at Allow php sessions to carry over to subdomains involves changing the session.cookie_domain variable to so that all

Asp.net Sessions Getting Crossed / Mixed Up

。_饼干妹妹 posted on 2019-11-27 18:36:39
A few weeks ago we had one of our customers contacting us saying that sometimes when he creates an activity it gets created under someone else's name! We did some troubleshooting and couldn't find anything. We asked the user to contact us the next time he was experiencing these issues. He did contact us and we were able to do a gotomeeting with him and see the issue with our own eyes. It was not only the activities, he was recognized as someone else in the application. He had access to everything that other person should have had access to. That was when we realized we are having a session mixed up

How to know when OWIN cookie will expire?

拥有回忆 posted on 2019-11-27 17:18:42
I would like to create some kind of countdown timer based on the time the OWIN cookie will expire. I am using OWIN with MVC 5 and from what I understand SlidingExpiration is on by default. I do not use 'session' as I need this app to live within a web farm (I don't plan on deploying a session database). Phyo All you need is to get hold of the CookieValidateIdentityContext during the cookie validation stage. Once you get it, extract whatever you need and keep them as Claim or some other way that you prefer. For MVC 5 with Asp.NET Identity 2.0, you need to perform two steps: Define custom

PHP session variables not being maintained

谁说我不能喝 posted on 2019-11-27 15:50:53
I have an application that has been working with session variables no problem. I start the session before the headers on every page that uses when, it has been fine then it seems all of a sudden I'm getting an undefined index error when I navigate to a page other than the one that sets up the session variables. But only on some browsers. Sometimes sessions are maintained and sometimes they aren't. It seems that cookies aren't being stored some of the time. I've done checks using different browsers and sometimes cookies are stored and sometimes not. I did an experiment. I was using Firefox to

Security of Token Based Authentication

江枫思渺然 posted on 2019-11-27 15:17:53
Question: My understanding of token based authentication is that upon authentication (perhaps over SSL), a token is passed to the user for cheap user verification on the fly. One implementation of this would be to generate a cookie that is passed to the user for session management. But, my understanding is that token based auth (at least through cookies) is susceptible to man in the middle attacks like firesheep. Are there other methods of implementation that skirt this major security issue, or do I

Set httpOnly and secure on PHPSESSID cookie in PHP

让人想犯罪 __ posted on 2019-11-27 14:17:53
What's the recommended way to set httponly and secure flags on the PHPSESSID cookie? I found http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-httponly . Any better suggestions? thanks In my opinion the best would be: http://www.php.net/manual/en/function.session-set-cookie-params.php void session_set_cookie_params ( int $lifetime [, string $path [, string $domain [, bool $secure = false [, bool $httponly = false ]]]] ) user2741089 ini_set('session.cookie_httponly', 1); more information here on the PHP docs allieferr I was unable to get the secure flag working with