Node.js use Redis as Session storage

        In previous post, we use default Session storage to test. However, it is not suitable in production stated by the developer.

"Warning The default server-side session storage, MemoryStore, is purposely not designed for a production environment. It will leak memory under most conditions, does not scale past a single process, and is meant for debugging and developing. "

         In this post, I will use Redis (famous and widely-used in-memory store) as the storage of Session. We can also the module connect-redis in express-session npm package webpage. We modify the code(v2.3) in post Node.js use passport with LocalStrategy in Authentication Part 4. It use session to use login user information and failure messages.

         If you just follow the steps in connect-redis webpage and run, you will find connect error message in terminal.

import {RedisStore} from "connect-redis"
import session from "express-session"
import {createClient} from "redis"

// Initialize client.
let redisClient = createClient()
redisClient.connect().catch(console.error)

// Initialize store.
let redisStore = new RedisStore({
  client: redisClient,
  prefix: "myapp:",
})

// Initialize session storage.
app.use(
  session({
    store: redisStore,
    resave: false,
    saveUninitialized: false,
    secret: "keyboard cat",
  }),
)

        It is because we haven't installed the redis server in our machine. We go to the Redis (open-source) official page for the instruction to install. I'm using ubuntu 24.04 now but I follow the installation step with APT

sudo apt-get install lsb-release curl gpg
curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg
sudo chmod 644 /usr/share/keyrings/redis-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list
sudo apt-get update
sudo apt-get install redis

        After install, we should be able to run our code without error message now.

        If we login successfully, postman will get /secrets page message. The terminal also print out the content of Session saved by the passport module.

        We also can get message if we directly access GET /secrets (not send username and password in the body) after login

        If we clear postman cookie and then login with wrong password, the server return the "incorrect password" message to postman.

The session data remain even restart node.js

        If we use postman login before and does not clear the cookie, we still can access GET /secrets page even we had terminate node.js and restart it. It is because the session data is stored in Redis now (separated storage space).

Browser the content in Redis

         We can view the redis in Visual Studio Code with extension plugin. We click on the extension button on the left panel of VS code and type in the keyword redis to search the plugin. I have installed the first one.
        Now a new icon will appear on the left panel under database icon. Click this new button and click the "Create Connection" button
 
        Below tab is opened. We select Redis as the Server Type and keep others default. Then we click the "+connect" button at the bottom.

        Now we will see a connection appear in left hand side.


         We browse it and can see our Session content. "mysession" is the prefix we defined when create the redisStored in our code. The storage space name "0" because we don't pass any setting to createClient of redis module. 
        To connect different space, we can pass a object with 'url' property name and value redis[s]://[[username][:password]@][host][:port][/db-number] . For more detail, we can refer to redis npm package page.    

        The source code used is uploaded to github
 

         

 

Comments

Post a Comment

Popular posts from this blog

Use okhttp to download file and show progress bar

Image
  Okhttp also can be used to download files from the internet to the app-specific storage . In this post, download progress is shown by the progress bar. The outcome can be viewed in this link . First, Internet permission is required in the manifest file <uses-permission android :name = "android.permission.INTERNET" /> Then we add the dependency of Okhttp in the module’s build.gradle file. The download process is done in coroutines so kotlinx-coroutines dependency also is required implementation 'com.squareup.okhttp3:okhttp:4.9.3' implementation 'org.jetbrains.kotlinx:kotlinx-coroutines-android:1.7.3' The developer of okhttp library has provided the example for download and get the progress in https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/Progress.java After studying the code, I implemented it in Kotlin and modified it a bit. A class is created to handle the download. The constructor has CoroutineScope and Prog...
Read more

Download File into app specific storage with Retrofit

Image
  In the previous post , DownloadManager is used to download files into the device’s public directory. If the file contains sensitive data, we hope the file can be saved into the app-specific storage rather than public directory. Therefore, we need another method to download. Retrofit is a type-safe  HTTP client which help us transfer information and data over a network. Dependency Add below dependency into module build.gradle file. implementation( "com.squareup.retrofit2:retrofit:2.9.0" ) implementation( "com.squareup.retrofit2:converter-gson:2.9.0" ) We add codes on the same module of DownloadManager. A button is added next to the DownLoadManager Button. When it is clicked, it will start to download the file using Retrofit. Implementation We first create a interface so that Retrofit can translate the java/Kotlin function to HTTP API.  The notation @Streaming is used for downloading large file so that it would not write too large data into memory at once. The do...
Read more

Unzipp file with Zip4j library

Image
  Java library has a built-in class java.util.zip.ZipFile and java.util.zip.ZipInputSteam. However, those class only can unzip files without a password.  For those zip files with password protected, we use 3rd party library Zip4j I have created a password protected zip file for testing. Structure like this. The name with ‘/’ is a directory. All files are photo in jpg format. Photo2/ 20190314_103435_HDR.jpg 20190314_112925_HDR.jpg 20190314_103702_HDR.jpg primary/ 20190316_121528_HDR.jpg secondary1/ 20190422_155924_HDR.jpg seconday2/ 20190314_103252_HDR.jpg  Test zip file download link: https://drive.google.com/uc?export=download&id=1XDMUGuvOPkTR2TH_Ikb5-2SIR7nXQ6yk Unzip password: aB3d Add dependency in the module gradle. implementation 'net.lingala.zip4j:zip4j:2.11.5' I have created a new module for this practice and copied the code used in the previous practice download file with Okhttp . Three ...
Read more