Koajs session - where is the session stored?

I am using this module for koajs sessions.

I checked the source code, but I really can't figure it out. I am trying to find out where it stores the session data because I do not see the files created and when the server restarts the session data still exists.

I got the feeling that it is storing data in the cookie itself, then I can see that it creates two cookies with scrambled text.

Now, does it encode the data in the cookie itself (insecure) or does it store the data on the server in a way I haven't figured out yet?

+3


2 answers


According to this section of code in the koa session library, the session data is JSON encoded, then base64, then bound to a cookie.



Session.prototype.save = function(){
  var ctx = this._ctx;
  var json = this.toJSON();
  var opts = ctx.sessionOptions;
  var key = ctx.sessionKey;
  // set expire into cookie value
  var maxAge = opts.maxAge || ONE_DAY;
  json._expire = maxAge + Date.now();
  json._maxAge = maxAge;
  json = encode(json);
  debug('save %s', json);
  ctx.cookies.set(key, json, opts); // <-- this is where the session is being saved
};

      

+6
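What the answer above describes, as an added example that is not part of the original answers or of the koa session library's own code: a cookie value built as JSON then base64 can be read by anyone who holds it, so integrity has to come from a separate signature that the server checks before trusting any field. The HMAC-SHA256 scheme, the key, the cookie name and the helper names are assumptions made for illustration, as is treating the second cookie as a signature over the first.

```javascript
const crypto = require('crypto');

// Same shape as save() in the answer: JSON, then base64, as the cookie value.
function encodeSession(obj) {
  return Buffer.from(JSON.stringify(obj), 'utf8').toString('base64');
}

// No key is involved: anyone who holds the cookie can read its contents.
function decodeSession(value) {
  return JSON.parse(Buffer.from(value, 'base64').toString('utf8'));
}

// Assumed signature scheme (hypothetical helper): HMAC over "name=value".
function sign(name, value, key) {
  return crypto.createHmac('sha256', key).update(`${name}=${value}`).digest('hex');
}

// Constant-time comparison, so the check does not leak how many bytes matched.
function verify(name, value, sig, key) {
  const expected = Buffer.from(sign(name, value, key));
  const given = Buffer.from(String(sig));
  return expected.length === given.length && crypto.timingSafeEqual(expected, given);
}

// Server-side read: reject a bad signature, bad JSON or an expired session.
function loadSession(name, value, sig, key, now = Date.now()) {
  if (!verify(name, value, sig, key)) return null;
  let data;
  try { data = decodeSession(value); } catch { return null; }
  if (!data || typeof data._expire !== 'number' || data._expire < now) return null;
  return data;
}

// Constructed sample values, not taken from a real deployment.
const KEY = 'constructed-demo-key';
const NAME = 'koa:sess';
const DAY = 24 * 60 * 60 * 1000;
const cookie = encodeSession({ passport: { id: 42 }, _expire: Date.now() + DAY, _maxAge: DAY });
const sig = sign(NAME, cookie, KEY);
// The same session with one field edited on the client, old signature kept.
const tampered = encodeSession({ ...decodeSession(cookie), passport: { id: 1 } });

console.log('readable without the key:', decodeSession(cookie).passport);
console.log('untouched cookie accepted:', loadSession(NAME, cookie, sig, KEY) !== null);
console.log('edited cookie accepted:', loadSession(NAME, tampered, sig, KEY) !== null);
```

The signature gives integrity only; anything that must stay hidden from the client does not belong in a cookie built this way.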


I did this by sending the Koa server's this.session.passport.id with

yield this.render('template',{id: this.session.passport.id});

      

and created a client-side cookie where the id is stored. When the server requests a client, I send this id with a request via POST or GET, which is allowed by the route:



public.get('/resource/:id',function* (){
 console.log('do stuff with your id'+this.params.id);
// for example you can check against the id of the passport user you stored in a database of logged in users ...
});

      

If you are using passport stuff, you should think of tokens instead of the ID, because people might know your Facebook ID. For this reason, tokens are what you want to send.

There is a StackOverflow question to help you find your way: nodejs passport authentication token

0

