Sharing a session store on Redis for a Django and a Express.js Application

I want to create a Django application with some logged-in users. On another side, since I want some real-time capabilities, I want to use an Express.js application.

Now, the problem is, I don’t want unauthentified users to access Express.js application’s datas. So I have to share a session store between the Express.js and the Django applications.

I thought using Redis would be a good idea, since the volatile keys are perfect for this fit, and I already use Redis for another part of the application.

On the Express.js application, I’d have this kind of code :

[...]
this.sessionStore = new RedisStore;
this.use(express.session({
  // Private crypting key
  secret: 'keyboard cat', // I'm worried about this for session sharing
  store: this.sessionStore,
  cookie: {
    maxAge: 1800000
  }
}))
[...]

On the Django side, I’d think of using the django-redis-session
app.

So, is this a good idea? Won’t there be any problem? Especially about the secret key, I’m not sure they will both share the same sessions.

Problem courtesy of: Florian Margaine

Solution

You will have to write a custom session store for either Express or Django. Django, by default (as well as in django-redis-sessions) stores sessions as pickled Python objects. Express stores sessions as JSON strings. Express, with connect-redis, stores sessions under the key sess:sessionId
in redis, while Django (not totally sure about this) seems to store them under the key sessionId
. You might be able to use django-redis-sessions as a base, and override encode
, decode
, _get_session_key
, _set_session_key
and perhaps a few others. You would also have to make sure that cookies are stored and encrypted in the same way.

Obviously, it will be way harder to create a session store for Express that can pickle and unpickle Python objects.

Solution courtesy of: Linus Gustav Larsson Thiel

稿源:Node.js Recipes (源链) | 关于 | 阅读提示

本站遵循[CC BY-NC-SA 4.0]。如您有版权、意见投诉等问题,请通过eMail联系我们处理。
酷辣虫 » 综合编程 » Sharing a session store on Redis for a Django and a Express.js Application

喜欢 (0)or分享给?

专业 x 专注 x 聚合 x 分享 CC BY-NC-SA 4.0

使用声明 | 英豪名录