thanks, but i don't understand why the cookie is not being sent on the ajax request after the user was logged in. my angular app is served from foo.my-site.com and the API is served from api-foo.my-site.com so I added domain: '.my-site.com' to the express-session middleware but it's still not working.
On Tuesday, May 12, 2015 at 5:53:22 AM UTC-7, zladuric wrote: > > Two things. > > 1. cookieParser is commented because in the present state it's not a > middleware, just a function that returns one (I think, didn't check it). > If you used `app.use(cookieParser());` instead, I believe you would get > your cookie. > > 2. Auth - you have the app.use(session()); in there. This is why your auth > works. Basically, session will read it's own cookie, even if you don't > parse it for other stuff, like reading data in your request (you shouldn't, > anyway). > > On a side note, you might want to consider removing cookies completely - > just return an auth-token on login response instead of session and cookies. > Then the client only has the token and you don't manage client state. There > is even passport stuff for this. > > On Monday, May 11, 2015 at 7:58:21 PM UTC+2, joel wrote: >> >> I am working on existing code base that someone else wrote. it's >> Angular+Node.js. >> I am trying to split it into 2 apps - serving angular with nginx and API >> service using Node.js. >> >> I have nginx as a reverse proxy. the angular is running on port 3001 and >> the API on 3000. >> The problem is after a successful login (using passport local strategy), >> the next API is being called with no cookie in the request (I see it in the >> chrome console). >> Afret reading https://github.com/jaredhanson/passport/issues/12 I added . >> my-site.com to the express session middleware but it's still not >> working. any tips? >> >> Thanks! >> >> var express = require('express'); >> var favicon = require('serve-favicon'); >> var logger = require('morgan'); >> // var cookieParser = require('cookie-parser') >> var bodyParser = require('body-parser'); >> var session = require('express-session'); >> var allowCrossDomain = require('./allow_cross_domain.js'); >> var app = express(); >> >> // middelwares >> >> // app.use(cookieParser); // i am not sure why it's commented. if i >> uncomment this things don't work. >> app.use(bodyParser.json()); >> app.use(bodyParser.urlencoded({ extended: false })); >> app.use(session({secret: 'sBio', cookie: {maxAge: 4320000, domain: '. >> my-site.com'}, resave:false, saveUninitialized:false})); >> app.use(allowCrossDomain); >> >> // routes >> ... >> ... >> ... >> >> >> -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscr...@googlegroups.com. To post to this group, send email to nodejs@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/38032c22-fc3c-47c7-b99e-4578c214d1e9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.