authentication - Persistant Login with connect-auth -

-

i'm building node.js , using connect-auth user/pass authentication, , i'd allow users logged in long periods of time. playing around , looking through source seems connect-auth depends on connect sessions maintain authenticated state, once session cookie expires (default 4 hrs) user gets logged out.

one option fork connect-auth , refactor not dependent on req.session, that's non-trivial. option change default age on session cookie high, want session object able die session.

anyone have suggestions? overlooking existing solution?

thanks!

i wouldn't use/fork connect-auth. plugin of connect breaks onion ring idea/architecture of connect , makes (imho) code unreadable/brings unnecessary complexity.

authentification simple library. (if talking simple user login)

i'm using self written auth. can find simplified version below. depends on session-cookies can replaced persistant cookies.

a simple authentication connect

(it's complete. execute testing)

var connect = require('connect'); var urlpaser = require('url');  var authcheck = function (req, res, next) {     url = req.urlp = urlpaser.parse(req.url, true);      // ####     // logout     if ( url.pathname == "/logout" ) {       req.session.destroy();     }      // ####     // user validated?     if (req.session && req.session.auth == true) {       next(); // stop here , pass next onion ring of connect       return;     }      // ########     // auth - replace simple if database or file or whatever...     // if database, need async callback...     if ( url.pathname == "/login" &&           url.query.name == "max" &&           url.query.pwd == "herewego"  ) {       req.session.auth = true;       next();       return;     }      // ####     // user not unauthorized. stop talking him.     res.writehead(403);     res.end('sorry unauthorized.\n\nfor login use: /login?name=max&pwd=herewego');     return; }  var helloworldcontent = function (req, res, next) {     res.writehead(200, { 'content-type': 'text/plain' });     res.end('authorized. walk around :) or use /logout leave\n\nyou @ '+req.urlp.pathname); }  var server = connect.createserver(       connect.logger({ format: ':method :url' }),       connect.cookieparser(),       connect.session({ secret: 'foobar' }),       connect.bodyparser(),       authcheck,       helloworldcontent );  server.listen(3000);

Comments

Post a Comment

Popular posts from this blog

Javascript line number mapping -

-
magically formatted comments change reported line number of javascript errors in browsers; this: //@line n "f" n line number , f file name. unfortunately, //@line appears ungoogleable. know there documentation on feature, , browsers support it? (i found references here , here .) from can find available in mozilla based browsers. it using js_setoptions command can turn these options on or off depending on values passed. https://developer.mozilla.org/en/js_setoptions
Read more

c# - Is it possible to remove an existing registration from Autofac container builder? -

-
something along lines: builder.registertype<mytype>().as<itype>(); builder.registertype<mytype2>().as<itype>(); builder.deregistertype<mytype>().as<itype>() var container = builder.build(); var types = container.resolve<ienumerable<itype>>(); assert.istrue(types.count == 1); assert.istrue(types[0].gettype == typeof(mytype2)); scenario: go through bunch of assemblies , go register types want make sure have 1 implementation of given type. need before create container. track on own nice if autofac me bit. this cannot done directly using containerbuilder , unless start on new one. mind you, having first built container should able construct new container filtering away unwanted types , reusing registrations first container. this: ... var container = builder.build(); builder = new containerbuilder(); var components = container.componentregistry.registrations .where(cr => cr.activator.limittype != typ...
Read more

php - Mysql PK and FK char(36) vs int(10) -

-
i have read mysql can handle indexes , searches better if tables keys integers rather char(36) uuid's. is worth converting int(10)? note: use 1 server , have have plans use multiple databases concurrently therefore removing 1 of big reasons using uuid. our tables innodb if makes difference. thanks in advance. usually rdbms can handle integer keys pk more efficient, other datatypes. reason how build index column, yes: long dont require string (or other typed) keys, should use integers. however: char(36) , int(10) far away being equal, because int(10) much smaller, char(36). dont know, if require many different keys, should keep in mind. update, complete last paragraph: int(10) 32-bit, char(36) 36 - ^byte^ (= 288-bit). not mean, int consumes less space, means, char(36) has 4 times more different keys.
Read more