<div><div class="sessions-page"><h2 id="sessions">Sessions</h2>
<p>SocketStream uses session IDs to track active clients. The typical cookie-based approach is implemented as
an add-on in <code>socketstream/socketstream-cookie-session</code>. Once it is added to the installed modules, it is used to manage
sessions. Session information is available to HTTP middleware and streaming middleware alike.</p>
<p>This means you're able to write data to a session from SocketStream and then use it in Express.js or any other page-based
framework which uses Connect - especially useful when performing authentication.</p>
<h4 id="sessions_using-sessions-over-websockets">Using Sessions over Websockets</h4>
<p>For optimum speed and flexibility, session data is not retrieved by default when a websocket request is processed by the server. Before you do anything with sessions, you'll need to activate the internal <code>session</code> <a href="#/tutorials/request_middleware">Request Middleware</a> as shown below:</p>
<pre class="prettyprint linenums">
// server/rpc/app.js
exports.actions = function(req, res, ss) {
  // Load session data into req.session
  req.use('session');
  return {
    testAction: function() {
      console.log('This request now has session data:', req.session);
    }
  };
};
</pre>
<h5 id="sessions_using-sessions-over-websockets_getting/setting-custom-session-data">Getting/Setting Custom Session Data</h5>
<pre class="prettyprint linenums">
// server/rpc/app.js
exports.actions = function(req, res, ss) {
  // Load session data into req.session
  req.use('session');
  return {
    getSession: function() {
      console.log('The contents of my session is', req.session);
    },
    updateSession: function() {
      req.session.myVar = 1234;
      req.session.cart = {items: 3, checkout: false};
      // Persist the changes; check err before treating them as stored
      req.session.save(function(err) {
        if (err) return console.error('Session save failed:', err);
        console.log('Session data has been saved:', req.session);
      });
    }
  };
};
</pre>
<h4 id="sessions_using-sessions-over-http">Using Sessions over HTTP</h4>
<p>The same session data is automatically loaded into <code>req.session</code> when accessed over HTTP. For example, append this route to your <code>app.js</code> file:</p>
<pre class="prettyprint linenums">
// app.js
ss.http.route('/updateSession', function(req, res) {
  req.session.myVar = 4321;
  // res.end() takes a single body argument, so build the string first
  res.end('req.session.myVar has been updated to ' + req.session.myVar);
});
</pre>
<p>Note: There is no need to call <code>req.session.save()</code> if you're calling <code>res.end()</code>.</p>
<h4 id="sessions_using-tokens-and-local-storage">Using Tokens and Local Storage</h4>
<p>Since the session strategy is managed by an add-on you can make your own strategy. It can use any combination of
tokens and cookies.</p>
<p>You can configure <code>socketstream-cookie-session</code> to use localStorage and httpOnly cookies which will be more
compatible with Hybrid App frameworks like PhoneGap.</p>
<pre><code>ss.set('*', {
  session: { cookie: { httpOnly: true } },
  ws: { client: { localStorage: true } }
});
</code></pre><p>Note: this is a draft, and isn't yet fully implemented.</p>
<h4 id="sessions_session-stores">Session Stores</h4>
<p>The in-memory Connect Session Store is used by default to allow you to start developing easily. Before your app goes into production you <strong>must</strong> use a Connect Session Store with a persistent backend to avoid memory leaks.</p>
<p>We have bundled the <code>connect-redis</code> store as standard as this makes an excellent choice. To use it, add the following line to your <code>app.js</code> file:</p>
<pre class="prettyprint linenums">
// in app.js
ss.session.store.use('redis');
</pre>
<p>Any Redis configuration can be passed as the second argument (e.g. <code>{port: 1234}</code>).</p>
<h4 id="sessions_auto-expiring-sessions">Auto-expiring Sessions</h4>
<p>By default sessions will expire within 30 days, unless the session is terminated beforehand (e.g. the user closes the browser). To set a different expiry time put the following in your <code>app.js</code> file:</p>
<pre class="prettyprint linenums">
// in app.js
ss.session.options.maxAge = 86400000; // one day in milliseconds (24 * 60 * 60 * 1000)
</pre>
<h4 id="sessions_setting-a-secret">Setting a Secret</h4>
<p>By default the cookie parser will use <code>'SocketStream'</code> as its secret. You
<em>should</em> set your own secret in production:</p>
<pre class="prettyprint linenums">
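// in app.js
var crypto = require('crypto');
// Hex-encode the random bytes; a value generated at startup changes on every restart
ss.session.options.secret = crypto.randomBytes(32).toString('hex');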
</pre>
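<p>An added example (not code from SocketStream or its documentation) of a startup check for the session secret: it rejects the documented default, uses a Connect-style HMAC-SHA256 cookie signature to show that a signature is only as private as the secret behind it, and shows why random bytes need hex encoding rather than a bare <code>toString()</code>. The <code>SESSION_SECRET</code> variable name, the function names and the signing format are assumptions made for illustration.</p>

```javascript
// Added example, not SocketStream code. All function names are hypothetical.
const crypto = require('crypto');

const DEFAULT_SECRET = 'SocketStream'; // the default stated on this page

// Signed-cookie format in the style of Connect (assumption):
// value + '.' + base64(HMAC-SHA256(secret, value)) without '=' padding.
function sign(value, secret) {
  const mac = crypto.createHmac('sha256', secret).update(value).digest('base64');
  return value + '.' + mac.replace(/=+$/, '');
}

// Returns the original value when the signature matches, otherwise false.
function unsign(signed, secret) {
  const value = signed.slice(0, signed.lastIndexOf('.'));
  const expected = Buffer.from(sign(value, secret));
  const actual = Buffer.from(signed);
  return expected.length === actual.length &&
    crypto.timingSafeEqual(expected, actual) ? value : false;
}

// Startup check: read the secret from configuration and refuse weak values.
function loadSessionSecret(env) {
  const secret = env.SESSION_SECRET; // hypothetical variable name
  if (!secret) throw new Error('SESSION_SECRET is not set');
  if (secret === DEFAULT_SECRET) throw new Error('SESSION_SECRET is the public default');
  if (secret.length < 32) throw new Error('SESSION_SECRET is shorter than 32 characters');
  return secret;
}

// Value to store in configuration once: 32 random bytes as 64 hex characters.
function generateSecret() {
  return crypto.randomBytes(32).toString('hex');
}

// toString() with no argument decodes as UTF-8; every invalid byte sequence
// becomes U+FFFD, so the string no longer carries the original random bytes.
function survivesUtf8(bytes) {
  return Buffer.from(bytes.toString(), 'utf8').equals(bytes);
}
```

<p>Because the secret is read from configuration instead of being generated at startup, it stays the same across restarts and across every process that serves the app.</p>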
</div></div>