I’m relatively new to Node and I think I lack some fundamental knowledge when it comes to passport & sessions.

I’ve successfully created a simple project with node & passport.js. It has an auth system using the passport-local strategy, with a postgres DB storing user info among other things.

I think my gaps in knowledge boil down to these questions:

Where does the authorised user information actually get stored? All I see on the browser side is a cookie with name connect.sid and value of something like s%3AIpwawidgpP_Rx1NHlD…. This doesn’t change on login, so presumably the auth. user info is stored against that as a key:value pair on the server somewhere? But I can’t find where. I have redis set up to be the store for express-session as it was advised in the docs, but even checking the redis DB via redis-cli I can’t seem to find any evidence of auth. user information, e.g. KEYS * -> 1) “sess:Ipwawidgp..”, unless I’m missing something obvious with redis.

Are the session details passed along with each request, and if so how are they accessed?

How do I store custom things to the user session? For example, a lot of websites have to comply with EU cookie laws. How would I store acceptance of cookies to the user session?

I’ve also begun to research socket.io. How do people deal with user auth over socket.io? Say you have a socket.io function that requires user auth. Do you access the user session cookie ID client side and pass that to the server and somehow verify the session ID is in fact authorised?

If anyone takes the time to read this wall of text, thanks a lot.
Submitted March 08, 2018 at 08:56PM by Chiasmata
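
An added example, not part of the original post: how the connect.sid cookie value maps to the `sess:` key seen in Redis and where passport's login state sits inside that record. It assumes express-session's signed-cookie format (`s:` + session ID + `.` + HMAC-SHA256 signature) and connect-redis's default `sess:` prefix; the secret, session ID, user id, the `cookieConsent` field and the in-memory Map standing in for Redis are all constructed.

```javascript
// Added example, not the poster's code. Secret, sid and user id are constructed.
const crypto = require('crypto');

const SECRET = 'example-session-secret';         // the `secret` given to express-session (assumed)
const SID = 'Zk3vQ9cX1aYt7LmN0pRs2UwB4dEf6GhJ';  // constructed session ID

// HMAC-SHA256 of the sid, base64 without '=' padding (the cookie-signature scheme).
function hmac(sid, secret) {
  return crypto.createHmac('sha256', secret).update(sid).digest('base64').replace(/=+$/, '');
}

// What the browser receives as connect.sid: "s:" + sid + "." + signature, URL-encoded.
function makeCookieValue(sid, secret) {
  return encodeURIComponent('s:' + sid + '.' + hmac(sid, secret));
}

// Server side, on every request: decode, verify the signature, return the sid or null.
function unsignCookieValue(raw, secret) {
  let value;
  try { value = decodeURIComponent(raw); } catch (e) { return null; }
  const dot = value.lastIndexOf('.');
  if (!value.startsWith('s:') || dot < 3) return null;
  const sid = value.slice(2, dot);
  const got = Buffer.from(value.slice(dot + 1));
  const want = Buffer.from(hmac(sid, secret));
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  return sid;
}

// connect-redis stores the whole session as one JSON string under "sess:" + sid.
function redisKey(sid) { return 'sess:' + sid; }

// Constructed stand-in for Redis holding one session record.
const fakeRedis = new Map([[redisKey(SID), JSON.stringify({
  cookie: { path: '/', httpOnly: true, originalMaxAge: null },
  passport: { user: 42 },  // written by passport at login (output of serializeUser)
  cookieConsent: true,     // hypothetical custom field set via req.session.cookieConsent
})]]);

// Resolve a raw cookie value to the logged-in user id, or null if unsigned or unknown.
function userFromCookie(raw, secret, store) {
  const sid = unsignCookieValue(raw, secret);
  const json = sid && store.get(redisKey(sid));
  if (!json) return null;
  const session = JSON.parse(json);
  return session.passport && session.passport.user !== undefined ? session.passport.user : null;
}

console.log(userFromCookie(makeCookieValue(SID, SECRET), SECRET, fakeRedis)); // 42
```

`KEYS *` in redis-cli lists only key names; `GET sess:<id>` returns the JSON string itself. The same signature check and lookup apply to the cookie header carried on a socket.io handshake request.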