azuqua / jwt-redis-session

JSON Web Token Session Middleware
MIT License

I am not able to get this working for me, do you have a working example for same #6

Open idmanish opened 8 years ago

aembke commented 8 years ago

Can you describe what you tried and what error message you saw?

idmanish commented 8 years ago

To add my token with session in redis, I wrote below code.

  req.jwtSession.user = user.toJSON();

  // Manish-this will be attached to the JWT Redis
  var claims = {
      iss: "test",
      aud: "http://localhost:9000"
  };
  req.jwtSession.create(claims, function(error, token){
      res.json({ token: token });
  });

It is able to add just the user in redis with a session UUID, which I passed in redis (req.jwtSession.user = user.toJSON();)

Later, at the time of logout, I tried this:

  req.jwtSession.destroy(function(error){
      console.log("Session removed from redis", error);
  });

Then I am getting this error: "Error: Invalid session id"

I am not sure how to pass session id to this.

aembke commented 8 years ago

That error means that the request did not contain a valid JWT, or that the session had already expired or been removed from redis. If you console.log(req.jwtSession) what values do you see?

idmanish commented 8 years ago

I can see in "Redis Desktop manager" that the session is available. I am just doing login and immediately logout.

console.log -- after login:

  Request JWT session data: { create: [Function],
    touch: [Function],
    update: [Function],
    reload: [Function],
    destroy: [Function],
    toJSON: [Function],
    user: { _id: 5670cf84ace2e45042927e7b,
      provider: 'local',
      name: 'manish',
      email: 'manish@abc.com',
      userid: 4567890, } }

console.log -- just before logout:

  req.jwtSession------------------------- { create: [Function],
    touch: [Function],
    update: [Function],
    reload: [Function],
    destroy: [Function],
    toJSON: [Function] }

One more thing... I want to handle a scenario like a forced browser close. How can I destroy my session in this case of browser close?

aembke commented 8 years ago

Can you also verify that you're passing the JWT on the logout request? That console.log info seems to show that the module did not find the JWT in the logout request. I would also log the data from the express request object to verify that you're passing the JWT in the query, body, or headers.

idmanish commented 8 years ago

Yes, I am passing the JWT token with each request using an interceptor at the client side. I am also verifying all client requests on the server side with an additional middleware:

  app.all('/api/v1/auth/*', auth.isAuthenticated());

auth.isAuthenticated() is actually doing this:

  validateJwt(req, res, next);

It's validating the JWT token, so the JWT is available, but I am not sure why "req.jwtSession-" does not have the user info which is there in redis.

Since I am not able to delete the Redis session, there are multiple entries in redis for the same user.
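
Added example (not part of the original thread and not the module's own code): a diagnostic for the check suggested above, logging where a JWT arrives on each request (header, query, or body) without writing the token itself to the log. The argument name `jwtToken` and the function names are assumptions for illustration; use the name your session middleware is configured to read.

```javascript
// Added diagnostic, not jwt-redis-session code. Reports WHERE a token arrives
// on a request, never the token itself: a logged JWT is replayable until expiry.
function locateToken(req, names) {
  const headers = req.headers || {};   // Node lowercases incoming header names
  const query = req.query || {};
  const body = req.body || {};
  const found = [];
  const note = (where, key, value) => {
    if (typeof value === 'string' && value.length > 0) {
      found.push({ where: where, key: key, length: value.length });
    }
  };
  for (const name of names) {
    note('header', name.toLowerCase(), headers[name.toLowerCase()]);
    note('query', name, query[name]);
    note('body', name, body[name]);
  }
  // JWT validators commonly read "Authorization: Bearer <token>". A session
  // middleware keyed on a different argument name will not see that token.
  const match = /^Bearer\s+(\S+)$/i.exec(headers.authorization || '');
  if (match) {
    found.push({ where: 'header', key: 'authorization (Bearer)', length: match[1].length });
  }
  return found;
}

// Express-style middleware; mount it before the session middleware.
function tokenLocationLogger(names) {
  return function (req, res, next) {
    const found = locateToken(req, names);
    console.log('%s %s token locations: %j', req.method, req.originalUrl || req.url, found);
    next();
  };
}

// Constructed sample requests (not from the thread). 'jwtToken' is an assumed
// argument name; substitute the one your session middleware is configured with.
const SAMPLE_NAMES = ['jwtToken'];
const bearerOnly = { headers: { authorization: 'Bearer aaa.bbb.ccc' }, query: {}, body: {} };
const inQuery = { headers: {}, query: { jwtToken: 'aaa.bbb.ccc' }, body: {} };
const noToken = { headers: {}, query: {}, body: {} };
```

If the logout request reports the token only under `authorization (Bearer)` while the session middleware reads a different name, a separate validator can pass while the session object on the request stays empty.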