0
votes

I'm trying to set a value in my session object from socket, and in doing so I've found my configuration isn't correct, and I'm not sure why.

Here's all my relevant code, I'm obvious doing some things wrong in there ~100 lines:

var express = require('express')
var engine = require('ejs-locals')
var app = express()
  , cookieParser = express.cookieParser('secret')
  , server = require('http').createServer(app)
  , cookie  =   require('cookie')
  , connect =   require('connect')
  , MemoryStore = connect.middleware.session.MemoryStore
  , sessionStore
  , io = require('socket.io').listen(server);
io.set('log level', 2);

app.use(express.static(__dirname + '/public'));
app.use(express.bodyParser());
app.use(cookieParser);
//app.use(express.session({ secret:'secret', key:'express.sid', store:sessionStore = new   MemoryStore() }));
app.use(express.session({ store:sessionStore = new MemoryStore() }));

io.set('authorization', function (data, accept) {
  if (!data.headers.cookie) 
    return accept('No cookie transmitted.', false);

  data.cookie = cookie.parse(data.headers.cookie);
  data.sessionID = data.cookie['express.sid'];
  console.log(data.sessionID);
  console.log(sessionStore);
  sessionStore.get(data.sessionID, function (err, session) {
    if (err)
      accept(err.message, false); //Turn down the connection
    else {
      console.log(session);
      data.session = session; //Accept the session
      accept(null, true);
    }
  });
});

var mysql = require('mysql');
var dbConnection = mysql.createConnection({
  //connection string
});

app.engine('ejs', engine); // use ejs-locals for all ejs templates:
app.set('views',__dirname + '/views');
app.set('view engine', 'ejs'); // so you can render('index')

dbConnection.connect(function(error) {
  if (error) {
    return console.log("CONNECTION error: " + error);
  }
});

server.listen(8080); //4000


app.get('/lobby/:id', requireAuth, function(request, response){
  console.log('in lobby load');
  response.render('lobby', { player: request.session.player, error: '', room: request.params.id});
});

app.get('/', function(request,response){
  response.render('index', { player: request.session.player , error: '', room: ''});
});

app.post('/', function(request, response){ //login
  console.log('booyeah1');
  var post = request.body;
  dbConnection.query("SELECT id, username, rating, pref_cut_deal, pref_cut_starter, pref_play_card, pref_count_hands FROM players WHERE username = '"+ post.username +"' and password = SHA1('"+ post.password +"') ORDER BY username LIMIT 1",
  function (error, results, fields) {  
    if (error) {
      response.render('index', { player: request.session.player , error: '', room: ''});
      console.log(error);
    }
    if (results.length  > 0) {
      dbConnection.query("Insert into playersessions (player_id, browser_os) values ("+ results[0]['id'] +", '"+ post.browser_os +"' );");
      request.session.player = { id: results[0]['id'], userName: results[0]['username'], rating: results[0]['rating'], prefCutDeal: results[0]['pref_cut_deal'], prefCutStarter: results[0]['pref_cut_starter'], prefPlayCard: results[0]['pref_play_card'], prefCountHands: results[0]['pref_count_hands']};
      response.redirect('/lobby/a');
      console.log('booyeah2');
    }
    else {
      response.render('index', { player: request.session.player , error: 'incorrect username/password', room: ''});
    }
  });
});

function requireAuth(request, response, next) {
  if (!request.session.player)
    response.redirect('/');
  else
    next();
}

var SessionSockets = require('session.socket.io'), 
sessionSockets = new SessionSockets(io, sessionStore, cookieParser);
sessionSockets.on('connection', function (err, socket, session, client) { clientConnect(err, socket, session,client) });

function clientConnect(err, socket, session, client) {
  console.log(session);
  if (session == null) {
    socket.emit('sign out');
  }
  else {
    socket.on('join room', function (room) {
      //do stuff 
    });
  }
}

When I run the above, everything works, sort of. Except that the session ID in the cookie, and the session ID in the sessionStore don't match. However, when I comment out:
app.use(express.session({ store:sessionStore = new MemoryStore() }));
And I comment in:
//app.use(express.session({ secret:'secret', key:'express.sid', store:sessionStore = new MemoryStore() }));
Which is what I think I need in order for the session IDs to agree with each other, then in clientConnect the session is null and I'm instantly logged out upon logging in. Any idea where I'm going wrong?

2

2 Answers

0
votes

So I got it working. I'm just hacking out the parts of the express sid that I don't want. I'm not sure if there's a more elegant/fail-proof way to do this?? And then I'm using sessionStore.load instead of .get.

io.set('authorization', function (handshake, accept) {
  if (!handshake.headers.cookie) 
    return accept('No cookie transmitted.', false);
  handshake.cookie = cookie.parse(handshake.headers.cookie);
  handshake.sessionID = handshake.cookie['express.sid'].substring(2).split('.')[0];
  sessionStore.load(handshake.sessionID, function (err, session) {
    if (err)
      accept(err.message, false); //Turn down the connection
    else {
      handshake.session = session; //Accept the session
      accept(null, true);
    }
  });
});
0
votes

Try the following and let me know if that works.

io.set('authorization', function (data, accept) {
  if (!data.headers.cookie) 
    return accept('No cookie transmitted.', false);

  data.cookie = cookie.parse(data.headers.cookie);
  cookieParser(data, {}, function(err) {
    if(data.signedCookies){
      data.sessionID = data.signedCookies['express.sid']; //fixed typo here
      console.log(data.sessionID);
      console.log(sessionStore);
      sessionStore.get(data.sessionID, function (err, session) {
        if (err)
          accept(err.message, false); //Turn down the connection
        else {
          console.log(session);
          data.session = session; //Accept the session
          accept(null, true);
        }
      });
    }
  });
});