Connect has a session middleware with a pluggable API for session storage. There is a session store for Redis, written by TJ Holowaychuk, who maintains both connect and express. There are also session stores for CouchDB, MongoDB, and PostgreSQL that look to be well-maintained and ready for production use.
These are great, but I wanted to store my session data in cookies, because the amount of session data I plan to use is tiny, and because my app is designed to handle high-latency CouchDB database connections gracefully.
After some more searching, I found that the way to store sessions in cookies is to use a whole different middleware that comes with connect! It’s called cookieSession. To use it, all I have to do is add this code snippet, and ensure that I have session_secret set in my app settings:
When using cookie sessions it’s important that the cookie data is small and that the cookie is signed using a session secret, to prevent session fixation. This is documented in the excellent Ruby on Rails Security Guide. Even if you aren’t using RoR I recommend reading it.
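The two requirements above (small data, signed with a session secret) can be seen in a stand-alone sketch. This is an added example, not code from the original post and not connect's own implementation; the function names `sealSession` and `openSession`, the cookie layout, and the 4096-byte limit are assumptions made for illustration.

```javascript
// Added example: an HMAC-signed cookie session value (not connect's code).
const crypto = require('crypto');

// Assumed size budget; browsers commonly cap a cookie at about 4 KB.
const MAX_COOKIE_BYTES = 4096;

// HMAC-SHA256 over the encoded payload, keyed with the session secret.
function mac(payload, secret) {
  return crypto.createHmac('sha256', secret).update(payload).digest('base64url');
}

// Serialize the session and append the MAC: "<payload>.<mac>".
// The payload is only encoded, not encrypted, so the client can read it.
function sealSession(session, secret) {
  const payload = Buffer.from(JSON.stringify(session)).toString('base64url');
  const value = payload + '.' + mac(payload, secret);
  if (Buffer.byteLength(value) > MAX_COOKIE_BYTES) {
    throw new RangeError('session too large for a cookie');
  }
  return value;
}

// Return the session object, or null if the value is malformed or modified.
function openSession(value, secret) {
  if (typeof value !== 'string') return null;
  const dot = value.lastIndexOf('.');
  if (dot < 1) return null;
  const payload = value.slice(0, dot);
  const given = Buffer.from(value.slice(dot + 1));
  const expected = Buffer.from(mac(payload, secret));
  // timingSafeEqual throws on unequal lengths, so check length first.
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) {
    return null;
  }
  try {
    return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch (e) {
    return null;
  }
}
```

A client that edits the payload cannot produce a matching MAC without the secret, so the server discards the cookie instead of trusting it.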
Have you considered adding some differing opinions to your article? I think it will really enhance viewers’ understanding.
I agree with “website” above. ;)
Good stuff, thanks! I was wondering the same thing — great to see it’s already supported.
Thanks also for the security guide link — will definitely give it a review later.
Sigh. The rails docs. “Here is how to create a new session in Rails: reset_session”. Hey, how about tell me what file to put that in? Or even mention that it’s ruby code and not something you type into the console?
Just stumbled across this looking for ideas, good tips. See you in Boulder-land.
You’re visiting? Awesome! Can’t wait to see you.