brzm brzm - 1 year ago 115
Node.js Question

Passport.js session management without cookie

I'm pretty new to the node world. I have looked around for this for few days, and I can't find the way to do it with existing npm "official" solutions. If there apologies, I'll hopefully get better in finding the right node resources.

I have implemented a working passport local policy following the various examples available on the internet. It works well

I now want to implement session management, specifically I don't want to use cookies and use

parameters instead. The reason behind it is that I'm building this for an API service that might have to work with custom protocols (other than HTTP) where cookies/headers don't exist.

I have seen all sessions support implementation with passport and they all seems to rely on the express/connect session package, that, in turn, seems to support only cookie and have no way to read/write sessions key in

Before I roll out my own bespoke solution, could you point me to anything already available, if it exists?

Answer Source

it looks like that no, there is no way to do that, and the situation is still the one that can be inferred from this answer: passport.js local strategy- logging in with username, authenticate later requests with token` by the passport.js creator himself.

I ended up creating my own. For the record the approach I used is to have two passport strategies:

  • a local strategy to handle login, and create a jwt token that is sent back to the user.
  • a bearer strategy to authenticate follow-up requests, retrieving the token from either GET or POST parameters, and using the user id stored in the token to query the users database. The jwt solution uses node-jwt-simple

It all works, but I have lost the ability to easily fallback to a cookie based session. Hopefully someone more skilled than me might be able to create a solution to do so, taking advantage of the standard express session nmp