Remove password from user session after login



























When a user logs in I create a user object and store it in a session variable (I am using express-session). However, it is also storing the hashed password in the session, but I would rather not do that. Is there a way to just remove the password from the session, or would I have to create a separate session variable for everything I wanted to store in a session? E.g.:



    User.findOne({email: email})
        .then(user => {
            if (!user) {
                return res.status(422).render('auth/login', {
                    path: '/login',
                    pageTitle: 'Login',
                    errorMessage: 'Invalid login details',
                    email: email
                });
            }
            bcrypt.compare(password, user.password)
                .then(doMatch => {
                    if (doMatch) {
                        req.session.isLoggedIn = true;
                        // Stores the whole user object, hashed password included
                        req.session.user = user
                        return req.session.save((err) => {
                            res.redirect('/dashboard');
                        });
                    }
                });
        });


So instead of req.session.user = user maybe I would have to do:



    req.session.user.email = user.email
    req.session.user.firstName = user.firstName


And so on. I did try this but the password still remains in the session:



    req.session.user = { ...user }
    delete req.session.user.password


































  • Have you tried delete user.password and then req.session.user = user?

    – Mayur
    Dec 30 '18 at 14:40











  • Tried that and get this error: TypeError: Cannot convert undefined or null to object at bcrypt.compare.then.doMatch

    – user8463989
    Dec 30 '18 at 17:05











  • Instead of deleting the password after copying, did you try to copy the user object without it? const { password, ...restOfUser } = user; req.session.user = restOfUser; ?

    – Narigo
    Dec 30 '18 at 19:50
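An added example, not part of the original question or comments, showing why the spread-and-delete attempt can leave the hash in the serialized session, beside an allowlist copy that keeps it out. It assumes `user` is a Mongoose-style document whose fields sit in an internal `_doc`; `FakeUserDoc`, `toSessionUser`, `withoutPassword`, `leaksHash` and the sample values are hypothetical names and constructed data.

```javascript
// Constructed stand-in for an ODM document: field values live in `_doc` and
// are exposed through prototype getters (assumed shape, not a real library).
class FakeUserDoc {
  constructor(fields) { this.$__ = {}; this._doc = { ...fields }; }
  get id() { return this._doc.id; }
  get email() { return this._doc.email; }
  get firstName() { return this._doc.firstName; }
  get password() { return this._doc.password; }
  toObject() { return { ...this._doc }; }
}

// Attempt from the question: spread the document, then delete the field.
function spreadThenDelete(user) {
  const copy = { ...user }; // copies own props ($__, _doc), not the getters
  delete copy.password;     // no own `password` property, so this is a no-op
  return copy;
}

// Allowlist: only the named fields ever reach the session.
const SESSION_FIELDS = ['id', 'email', 'firstName'];
function toSessionUser(user, fields = SESSION_FIELDS) {
  const out = {};
  for (const f of fields) {
    if (user[f] !== undefined) out[f] = user[f];
  }
  return out;
}

// Denylist via rest destructuring, applied to a plain copy of the fields.
function withoutPassword(user) {
  const { password, ...rest } = user.toObject();
  return rest;
}

// Session stores persist JSON, so check the serialized form for the hash.
function leaksHash(sessionUser) {
  return JSON.stringify({ user: sessionUser }).includes('$2b$');
}

// Constructed sample user; the hash is a placeholder, not a real bcrypt value.
const sampleUser = new FakeUserDoc({
  id: 'u1', email: 'ada@example.test', firstName: 'Ada',
  password: '$2b$10$CONSTRUCTED-PLACEHOLDER-HASH',
});

console.log('spread + delete leaks:', leaksHash(spreadThenDelete(sampleUser)));
console.log('allowlist leaks:', leaksHash(toSessionUser(sampleUser)));
console.log('rest-destructure leaks:', leaksHash(withoutPassword(sampleUser)));
```

The allowlist is the safer default for session data: a field added to the user schema later stays out of the session until it is named in `SESSION_FIELDS`, whereas a denylist lets it through.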
















node.js express express-session














edited Dec 30 '18 at 19:08







user8463989

















asked Dec 30 '18 at 9:05









user8463989
























