Why, on refresh, is the user no longer authenticated (or why does it return false)? It seems the data in the user store is being reset or tossed out. Example actions:

    class useractions {

      manuallogin(data) {
        this.dispatch();
        userwebapiutils.manuallogin(data)
          .then((response, textstatus) => {
            if (textstatus === 'success') {
              this.actions.loginsuccess(data.email);
            }
          }, () => {
          });
      }

      loginsuccess(email) {
        this.dispatch(email);
      }

      logout() {
        this.dispatch();
        userwebapiutils.logout()
          .then((response, textstatus) => {
            if (textstatus === 'success') {
              this.actions.logoutsuccess();
            }
          }, () => {
          });
      }

      logoutsuccess() {
        this.dispatch();
      }
    }

    export default alt.createActions(useractions);

And the store is this:

    class userstore {

      constructor() {
        this.user = Immutable.Map({});
        this.on('init', this.bootstrap);
        this.on('bootstrap', this.bootstrap);
        this.bindListeners({
          handleloginattempt: useractions.manuallogin,
          handleloginsuccess: useractions.loginsuccess,
          handlelogoutattempt: useractions.logout,
          handlelogoutsuccess: useractions.logoutsuccess
        });
      }

      bootstrap() {
        // Bootstrapped state arrives as plain JS; convert it back to an Immutable map
        if (!Immutable.Map.isMap(this.user)) {
          this.user = Immutable.fromJS(this.user);
        }
      }

      handleloginattempt() {
        this.user = this.user.set('iswaiting', true);
        this.emitChange();
      }

      handleloginsuccess() {
        this.user = this.user.merge({ iswaiting: false, authenticated: true });
        this.emitChange();
      }

      handlelogoutattempt() {
        this.user = this.user.set('iswaiting', true);
        this.emitChange();
      }

      handlelogoutsuccess() {
        this.user = this.user.merge({ iswaiting: false, authenticated: false });
        this.emitChange();
      }
    }

    // export our newly created store
    export default alt.createStore(userstore, 'userstore');

I check if the user is authenticated by doing user.getState().user.get('authenticated'). After login it comes back true, but if I type in a URL manually or refresh the page it returns false afterwards. I'm using react-router, and I think that's where it falls apart.

    <Route>
      <Route name="dash" path="/dashboard" handler={app}>
        <Route name="dashboard" path="/dashboard" handler={dashboard}/>
        <Route name="reports" path="/reports" handler={report}/>
        <Route name="employees" path="/employees" handler={employees}/>
        <Route name="myemployees" path="/memployees" handler={myemployees}/>
        <Route name="allemployees" path="/aemployees" handler={allemployees}/>
        <Route name="profile" path="/profile" handler={profile}/>
        <Route name="reportstocomplete" path="/reportsc" handler={reportstocomplete}/>
        <Route name="addreport" path="/addreport" handler={addreports}/>
        <Route name="readme" path="/readme" handler={readme}/>
        <Route name="statistics" path="/statistics" handler={stats}/>
        <Route name="signup" path="/signup" handler={signup}/>
        <Route name="login" path="/" handler={login}/>
      </Route>
    </Route>

After login, it rerenders the screen if successful and allows the user to head to the dashboard. Once I'm there the user is still 'authenticated', and I can navigate to any route with the buttons I click on the webpage or the buttons on the navbar (via react-router). If, however, I refresh, click on a link, or manually type in /dashboard or /posts, it shows the state of the user as not authenticated in the console. Do I store the user info in local storage or something? I'm using mongo to save user data and that is working fine, but it's pretty frustrating when I can't figure out why it works like this.

I figured out what the problem was. On the server I save the session in a cookie with cookieparser, and I had set the secure option to true. Therefore it wouldn't create the cookie on anything that wasn't https. localhost doesn't run on https, which is why it would continue to forget the user in my store.

    app.use(cookieparser());

    // Create a session middleware with the given options.
    // Note that session data is not saved in the cookie itself, just the session id.
    // Session data is stored server-side.
    // Options:
    //   resave: forces the session to be saved back to the session store, even if the
    //     session was never modified during the request. Depending on your store this may
    //     be necessary, but it can also create race conditions where a client has 2
    //     parallel requests to your server and changes made to the session in 1 request
    //     may get overwritten when the other request ends, even if it made no changes
    //     (this behavior also depends on what store you're using).
    //   saveUninitialized: forces a session that is uninitialized to be saved to the store.
    //     A session is uninitialized when it is new but not modified. Choosing false is
    //     useful for implementing login sessions, reducing server storage usage, or
    //     complying with laws that require permission before setting a cookie. Choosing
    //     false will also help with race conditions where a client makes multiple parallel
    //     requests without a session.
    //   secret: the secret used to sign the session id cookie.
    //   name: the name of the session id cookie to set in the response (and read from in
    //     the request).
    //   cookie: please note that secure: true is a recommended option.
    //     However, it requires an https-enabled website, i.e., https is necessary for
    //     secure cookies. If secure is set, and you access your site over http, the
    //     cookie will not be set.
    app.use(session({
      resave: true,
      saveUninitialized: true,
      // use a generic cookie name for security purposes
      key: 'sessionid',
      secret: secrets.sessionsecret,
      // add httpOnly, secure attributes on the session cookie
      cookie: {
        httpOnly: true,
        secure: true
      },
      store: new mongostore({ url: secrets.db, autoReconnect: true })
    }));

    app.use(passport.initialize());
    app.use(passport.session());
    app.use(flash());

I just got rid of the httpOnly and secure part of the cookie since it runs on https.
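
As an added example (not the poster's code), the following models the rule quoted in the config comments above: a cookie marked secure is not set on a plain-HTTP request, while httpOnly does not depend on HTTPS. The function names and the NODE_ENV-style value used to choose the setting are assumptions, and the session id is a constructed sample.

```javascript
// Added example, not the poster's code. Function names and the
// NODE_ENV-style switch are assumptions made for illustration.

// Cookie options per environment: httpOnly stays on everywhere because it does
// not depend on HTTPS; secure is only demanded where the site is served over HTTPS.
function sessionCookieOptions(nodeEnv) {
  return {
    httpOnly: true,
    secure: nodeEnv === 'production',
  };
}

// Model of the rule from the config comment: if secure is set and the request
// arrived over plain HTTP, no Set-Cookie header is produced at all.
function setCookieHeader(name, value, opts, requestIsHttps) {
  if (opts.secure && !requestIsHttps) return null;
  const parts = [`${name}=${encodeURIComponent(value)}`, 'Path=/'];
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  return parts.join('; ');
}

// Constructed cases: the session id value is a made-up sample.
function runCases() {
  const sid = 's:constructed-sample-id';
  const fromThePage = { httpOnly: true, secure: true };
  const dev = sessionCookieOptions('development');
  const prod = sessionCookieOptions('production');
  return {
    // The situation in the question: no cookie, so every refresh starts a new session.
    pageConfigOnHttpLocalhost: setCookieHeader('sessionid', sid, fromThePage, false),
    // Local development over HTTP still gets an HttpOnly session cookie.
    devOnHttpLocalhost: setCookieHeader('sessionid', sid, dev, false),
    // Production over HTTPS gets both attributes.
    prodOnHttps: setCookieHeader('sessionid', sid, prod, true),
    // Production settings reached over HTTP withhold the cookie.
    prodOnHttp: setCookieHeader('sessionid', sid, prod, false),
  };
}

console.log(runCases());
```

The object returned by `sessionCookieOptions` has the same shape as the `cookie:` option in the session config above.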