krakenjs / lusca

Application security for express apps.

lusca with client-session fails #65

Closed muthu-cs closed 8 years ago

muthu-cs commented 8 years ago

I was trying to use lusca with the client-session library and it fails with the below error. Can you please share your views.

lusca requires req.session to be available in order to maintain state

Error: lusca requires req.session to be available in order to maintain state
    at Object.create (/Users/msubbiah/sample/sessionapp/node_modules/lusca/lib/token.js:13:15)
    at getCsrf (/Users/msubbiah/sample/sessionapp/node_modules/lusca/lib/csrf.js:34:22)
    at checkCsrf (/Users/msubbiah/sample/sessionapp/node_modules/lusca/lib/csrf.js:57:20)
    at Layer.handle as handle_request
    at trim_prefix (/Users/msubbiah/sample/sessionapp/node_modules/express/lib/router/index.js:312:13)
    at /Users/msubbiah/sample/sessionapp/node_modules/express/lib/router/index.js:280:7
    at Function.process_params (/Users/msubbiah/sample/sessionapp/node_modules/express/lib/router/index.js:330:12)
    at next (/Users/msubbiah/sample/sessionapp/node_modules/express/lib/router/index.js:271:10)
    at clientSession (/Users/msubbiah/sample/sessionapp/node_modules/client-sessions/lib/client-sessions.js:630:5)
    at Layer.handle as handle_request

jasisk commented 8 years ago

Precisely as it reads. req.session needs to be available. In other words (as mentioned in the README):

Please note that you must use express-session, cookie-session, their express 3.x alternatives, or other session object management in order to use lusca.

So add a session provider (express-session with the default MemoryStore is totally sufficient for development though not for production) before lusca and all should be good.

jasisk commented 8 years ago

Note that if you're using lusca by means of kraken, both a session provider and lusca are preconfigured so no need to add either, merely provide overrides as necessary.

jasisk commented 8 years ago

Ack. Just read up on client-session. Strangely, they're not following the convention of making the session object available on req.session by default.

Try setting the cookieName property in the config object you set for client-session to session. E.g.:

app.use(clientSession({ cookieName: 'session' }));
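As an added example (not code from this thread or from the lusca project), here is an Express app wired the way the last comment describes: client-sessions registered first with cookieName set to 'session' so the session lands on req.session, then lusca's CSRF middleware, which reads that object. It assumes express, client-sessions and lusca are installed; the buildApp deps parameter, the SESSION_SECRET environment variable and the dev-only placeholder secret are this example's own additions.

```javascript
// Added example: client-sessions + lusca CSRF in the order lusca requires.
// Assumes express, client-sessions and lusca are installed (npm install ...).

function sessionOptions(secret) {
  return {
    cookieName: 'session',          // lusca looks at req.session, so the cookie name must be "session"
    secret: secret,                 // signs/encrypts the cookie; never commit a real value
    duration: 24 * 60 * 60 * 1000,  // session lifetime: 24 hours
    activeDuration: 5 * 60 * 1000,  // extend by 5 minutes while the user stays active
    cookie: { httpOnly: true, secure: process.env.NODE_ENV === 'production' }
  };
}

function buildApp(deps) {
  // deps lets the wiring be checked without the packages present; normal use loads them.
  const { express, clientSessions, lusca } = deps || {
    express: require('express'),
    clientSessions: require('client-sessions'),
    lusca: require('lusca')
  };
  const app = express();
  app.use(express.urlencoded({ extended: false }));   // lusca reads the token from req.body._csrf
  // 1. Session provider first: creates req.session on every request.
  app.use(clientSessions(sessionOptions(process.env.SESSION_SECRET || 'dev-only-placeholder')));
  // 2. lusca after it: stores and verifies the CSRF token in req.session.
  app.use(lusca.csrf());
  app.get('/form', (req, res) => {
    // lusca exposes the per-session token as res.locals._csrf for templates
    res.type('html').send(`<form method="post" action="/submit">
  <input type="hidden" name="_csrf" value="${res.locals._csrf}">
  <button>Send</button></form>`);
  });
  app.post('/submit', (req, res) => res.send('token accepted'));
  return app;
}

if (process.env.PORT) {   // e.g. PORT=3000 SESSION_SECRET=... node app.js
  buildApp().listen(Number(process.env.PORT));
}
```

A POST to /submit without the hidden _csrf field is rejected by lusca, while the same request carrying the token from /form succeeds; swapping the two app.use lines reproduces the "lusca requires req.session" error from the issue.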