javascript - Disabling sessions in nodejs Passport.js - Stack Overflow

I just discovered about Tokens for authentication which allows sessionstateless servers and starting o

I just discovered about Tokens for authentication which allows session/stateless servers and starting out with MEAN. Looks amazing.

Right now, I'm using Passport.js to authenticate users (via Email, Facebook, Google,...), which stores information into the server session like all the tutorials say:

 // required for passport
    app.use(express.session({
        secret : 'superscret',
        expires: new Date(+new Date + settings.session.sessionTimeout),
        store: new MongoStore({})
    })); // session secret
    app.use(passport.initialize());
    app.use(passport.session({}));

Is it possible to still use Passport.js but instead of storing the session, sends back a token to monitor if the user has access.

Question: How can disable sessions for passport? (I know how to send the token and listen for it).

I just discovered about Tokens for authentication which allows session/stateless servers and starting out with MEAN. Looks amazing.

Right now, I'm using Passport.js to authenticate users (via Email, Facebook, Google,...), which stores information into the server session like all the tutorials say:

 // required for passport
    app.use(express.session({
        secret : 'superscret',
        expires: new Date(+new Date + settings.session.sessionTimeout),
        store: new MongoStore({})
    })); // session secret
    app.use(passport.initialize());
    app.use(passport.session({}));

Is it possible to still use Passport.js but instead of storing the session, sends back a token to monitor if the user has access.

Question: How can disable sessions for passport? (I know how to send the token and listen for it).

Share Improve this question asked Jul 18, 2015 at 0:15 denislexicdenislexic 11.4k26 gold badges88 silver badges138 bronze badges
Add a ment  | 

2 Answers 2

Reset to default 4

I suggest using satellizer, de-facto standard library for token based authentication in AngularJS. It implements token based authentication only and is much easier to get working for your purposes. It also has good server examples, including Node.js server example.

passportjs supports disabling of the sessions. Docs passport

After successful authentication, Passport will establish a persistent login session. This is useful for the mon scenario of users accessing a web application via a browser. However, in some cases, session support is not necessary. For example, API servers typically require credentials to be supplied with each request. When this is the case, session support can be safely disabled by setting the session option to false.

app.get('/api/users/me',
  passport.authenticate('basic', { session: false }),
  function(req, res) {
    res.json({ id: req.user.id, username: req.user.username });
  });

发布者:admin,转转请注明出处:http://www.yc00.com/questions/1745433782a4627513.html

相关推荐

  • javascript - Disabling sessions in nodejs Passport.js - Stack Overflow

    I just discovered about Tokens for authentication which allows sessionstateless servers and starting o

    5小时前
    10

发表回复

评论列表(0条)

  • 暂无评论

联系我们

400-800-8888

在线咨询: QQ交谈

邮件:admin@example.com

工作时间:周一至周五,9:30-18:30,节假日休息

关注微信