Access & modify a specific user session
LM1LC3N7 opened this issue · comments
Hi,
I'm searching how I can access to a specific user session and change it.
For exemple:
- An admin remove the admin right of a specific user
- This user is already connected but is forced to disconnect in order to apply his new rights
How can I modify or delete a specific user session from another user?
Hi @flexbrane it's possible for your use-case you may want to use something like expess-session
module instead of this module. Since this module stores nothing on the server and stores all information in the user's web browser, it's not possible to access any user's session to change it without building out an entire system on your end. Modules that store sessions server-side like express-session
make what you're trying to to trivial (look up the session in the db and modify it).
But to do this, I must use another database, right?
To me, cookie-session was only store a session id in the web browser, id that corresponding to a server session store in RAM. I'm am wrong?
Because when I restart my server, all sessions are reseted.
To me, cookie-session was only store a session id in the web browser, id that corresponding to a server session store in RAM. I'm am wrong?
That is not correct; the entire session is within the web browser; this module has no session IDs at all, nothing is stored in server memory and there are no connections to databases from this module.
The contents of req.session
are run through JSON.stringify()
and then that resulting string is stored, base64, in the cookie. That's why you need to keep in mind how much you store in your session so you don't grow your cookie too large (https://github.com/expressjs/cookie-session#max-cookie-size).
Thank you for these explainations!
So I must use another cookie module, like express-session