search

mozilla / node-client-sessions

secure sessions stored in cookies
Mozilla Public License 2.0
759 stars 104 forks source link

Not a drop in replacement for express-session? #134

Closed peebles closed 6 years ago

peebles commented 6 years ago

I have a passport plugin (for auto0, based on oauth2 I believe). I am trying to avoid a persistent store on the server side, so I found this module, but if I replace my previous code with

app.use(
  sessions({
    secret: 'K5wOf270jUAgTFcBsP6URQ934OL7hsqu',
    duration: 24 * 60 * 60 * 1000, // how long the session will stay valid in ms
    activeDuration: 1000 * 60 * 5 // if expiresIn < activeDuration, the session will be extended by activeDuration milliseconds
  })
);

Then the passport module fails with

Error: OAuth 2.0 authentication requires session support when using state. Did you forget to use express-session middleware?
    at SessionStore.store (/Users/peebles/uplift/ul-merchant-portal/node_modules/passport-oauth2/lib/state/session.js:39:39)
    at Strategy.OAuth2Strategy.authenticate (/Users/peebles/uplift/ul-merchant-portal/node_modules/passport-oauth2/lib/strategy.js:253:28)
    at Strategy.authenticate (/Users/peebles/uplift/ul-merchant-portal/node_modules/passport-auth0/lib/index.js:67:27)
...

Is there a way to use this as a simple dropin?

peebles commented 6 years ago

Hah! Just set cookieName to 'session' and it works. Just had to read between the lines. Be nice to add a blurb in the README about this.