Plugin-Session-Share Cookies

xaponeis

So, first time using NodeBB. I just managed to install it with docker compose and make session-share plugin work.

After I logout and login with another user from my app, the cookie I created is renewed but there is still a cookie called 'express.sid' that it seems to keep the old user session active.

My question is, should I just delete this cookie programmatically, or am I missing something?

julian

@xaponeis by default session sharing trusts that once a user is logged in, they stay logged in.

If you don't want that, change the behaviour of the plugin from "trust" to "revalidate".

xaponeis

Thank you @julian, now is working as I intend to do, the only issue now is if i am logout from my app (i.e., no session share cookie) I got the following error:

[4567/196] - error: GET /
Error: req#logout requires a callback function
    at req.logout.req.logOut (/usr/share/nginx/html/node_modules/passport/lib/http/request.js:65:44)
    at plugin.addMiddleware [as method] (/usr/share/nginx/html/node_modules/nodebb-plugin-session-sharing/library.js:468:8)
    at async Object.fireResponseHook [as response] (/usr/share/nginx/html/src/plugins/hooks.js:272:4)
    at async Hooks.fire (/usr/share/nginx/html/src/plugins/hooks.js:127:17)
    at async /usr/share/nginx/html/src/middleware/index.js:94:2
    at async /usr/share/nginx/html/src/middleware/helpers.js:15:5

and this error only goes away if I login in my app again (create another session cookie), or I delete express.sid cookie (than I can use the forum as a guest). Any idea how to proceed?

julian

@xaponeis That's a bug on my end, I'll patch that up for you today.

Pass callback to req.logout (new as of [email protected]) · Issue #125 · julianlam/nodebb-plugin-session-sharing

[4567/196] - error: GET / Error: req#logout requires a callback function at req.logout.req.logOut (/usr/share/nginx/html/node_modules/passport/lib/http/request.js:65:44) at plugin.addMiddleware [as method] (/usr/share/nginx/html/node_mod...

GitHub (github.com)

julian

@julian This is now patched

xaponeis

Thank you @julian, all working flawless now. You guys are doing an amazing job.

xaponeis

Hey @julian, maybe you can help me with my use case.

I am creating topics on behalf of my users and for that I have to create these users beforehand, so I am using the write API for that.

The thing is, when the user log in using session share, a new user is created because there is no Remote Id -> NodeBB Id mapping set.

My question is, is there a way to create an user through the API with Remote Id, or any other way to solve this issue?

julian

@xaponeis if you create a user with an email set (and then verify it also via the API) then session sharing will merge the accounts

xaponeis

@julian work like a charm, ty