I'm creating a small MERN app for signup, login and after successful login, it shows their profile.
1. I want the user to log-in and if it's successful I will send the user._id to the react app and redirect it to profile/user._id
2. At the profile page in the ComponentDidMount method, I will do a get-request to get the user-data from my server using it's user._id.
3. In this get-request, I want to check if this user has an active session or not so that even if someone uses an URL: profile/some_user_id it will always check for an active session.
My question is:
1. Do I need to explicitly send the cookie to the client if yes then how or express-session will do it for me.
2. After the solution to 1 how can I access this saved data int\ the session when I do /profile/id get-request.
My app.js
require('./passport')(passport);
app.use(cookieParser());
//Express session
app.use(
session({
secret: 'secret',
resave: true,
saveUninitialized: false,
cookie: { maxAge: 60*60*1000 },
})
);
app.use(passport.initialize());
app.use(passport.session());
app.post('/login', (req, res, next) => {
passport.authenticate('local', (err, user, info) => {
if(err) {
res.status(203).send(err);
} else {
if(user) {
req.login(user, err => {
req.session.user = user;
console.log(req.session);
res.status(200).send(user._id);
})
} else {
res.status(202).send(info);
}
}
})(req, res, next);
});
app.get('/profile/:id', (req, res, next) => {
const id = req.params.id;
console.log(req.session);
res.send("session is running");
})
My passport.js
passport.use(
new LocalStrategy({usernameField: 'email', passwordField: 'password'}, (email, password, done) => {
// Match User
User.findOne({email: email}, (err, user) => {
if(err) {
return done(err);
}
if(!user) {
return done(null, false, { msg: 'Input data incorrect!'})
}
// Match Password
bcrypt.compare(password, user.password, (err, isMatch) => {
if(err) throw error;
if(isMatch) {
return done(null, user);
} else {
return done(null, false, { msg: "Input data incorrect!"})
}
});
})
})
);
passport.serializeUser((user, done) => {
done(null, user.id);
});
passport.deserializeUser((id, done) => {
User.findById(id, (err, user) => {
done(err, user);
});
});
console.log(req.session) in the '/login' post request.
Session {
cookie: {
path: '/',
_expires: 2020-07-03T18:44:55.179Z,
originalMaxAge: 3600000,
httpOnly: true,
secure: false
},
passport: { user: '5ef7a8b55570c353bc1aef12' },
user: {
_id: 5ef7a8b55570c353bc1aef12,
email: 'mukeshgupta202000@gmail.com',
userName: 'asdd',
password: '$2b$10$wzF6uwxcFNHgi4NdNBL5A.wEAs4W14zQ8YpEboPJWttvRaIO6MXCq',
createdAt: 2020-06-27T20:14:45.303Z,
updatedAt: 2020-06-27T20:14:45.303Z,
__v: 0
}
}
console.log(req.session)
console.log(req.session.user) in the '/user/:id' getrequest.
Session {
cookie: {
path: '/',
_expires: 2020-07-03T18:44:57.514Z,
originalMaxAge: 3600000,
httpOnly: true,
secure: false
}
}
undefined