Since connect doesn't use the parseCookie method anymore, how can we get session data using express?

Question

In node.js and express, there are many examples showing how to get session data.

• Node.js and Socket.io
• Express and Socket.io - Tying it all Together<

Answer 1

Have a look at socket.io's wiki. Especially the parts Configuring Socket.IO and Authorization and handshaking.

It shows how to use socket.io with a RedisStore and gives two different authorization methods.

More information about connecting express v3, redis and socket.io

• connect issue#588
• socket.io and express 3
• session.socket.io module
• socket.io-express library

Answer 2

After switching to session.socket.io for a while I ran into a few problems due to the asynchronous nature of the module when loading the session information. So I ended up creating my own module called session.io. It is used like this:

var express = require('express');
var app = express();
var server = require('http').createServer(app);

//Setup cookie and session handlers
//Note: for sessionStore you can use any sessionStore module that has the .load() function
//but I personally use the module 'sessionstore' to handle my sessionStores.
var cookieParser = express.cookieParser('secret');
var sessionStore = require('sessionstore').createSessionStore();

app.configure(function(){
  app.set('port', process.env.PORT || 3000);
  //...truncate...//
  app.use(cookieParser);
  //make sure to use the same secret as you specified in your cookieParser
  app.use(express.session({secret: 'secret', store: sessionStore}));
  app.use(app.router);
});

app.get('/', function(req, res){
  res.send('<script src="/socket.io/socket.io.js"></script><script>io.connect();</script>Connected');
});

server.listen(app.get('port'), function(){
  console.log('Listening on port ' + app.get('port'));
});

var io = require('socket.io').listen(server);

io.configure(function(){
  //use session.io to get our session data
  io.set('authorization', require('session.io')(cookieParser, sessionStore));
});

io.on('connection', function(socket){
  //we now have access to our session data like so
  var session = socket.handshake.session;
  console.log(session);
});

Answer 3

Your questions:

1. How can I update/change a cookie through RedisStore?
2. It looks like session data is saved only in cookies. How can I keep track of user information from page to page if someone has cookies turned off?

Cookies / Sessions / RedisStore Thoughts:

1. Typically, you have exactly one cookie, which is the session id
2. All user-state is stored on the server in a "session" which can be found via the session id
3. You can use Redis as your back-end storage for your session data.
4. Redis will allow you to keep session state, even when your server is restarted (good thing)
5. You can store a mountain of data in your session (req.session.key = value)
6. All data stored in the session will be persistant until the user logs out, or their session expires

Example node.js Code:

var app = express.createServer(
  express.static(__dirname + '/public', { maxAge: 31557600000 }),
  express.cookieParser(),
    express.session({ secret: 'secret', store: new RedisStore({
          host: 'myredishost',
          port: 'port',
          pass: 'myredispass',
          db: 'dbname',
      }, cookie: { maxAge: 600000 })})
);

Session and Cookie Thoughts:

1. Your second issue us about sessions without cookies. This is possible.
2. You, basically, put the session id on the url of every request you send to the server.
3. I strongly believe that most people allow cookies.
4. If this is a requirement, google: "session without cookies"

Answer 4

Session data is available with:

req.session