Remove password from user session after login
When a user logs in I create a user object and store it in a session variable (I am using express-session). However it is also storing the hashed password in the session but I would rather not do that. Is there a way to just remove the password from the session or would I have to create a separate session variable for everything I wanted to store in a session? E.g.:
```js
User.findOne({ email: email })
  .then(user => {
    if (!user) {
      return res.status(422).render('auth/login', {
        path: '/login',
        pageTitle: 'Login',
        errorMessage: 'Invalid login details',
        email: email
      });
    }
    bcrypt.compare(password, user.password)
      .then(doMatch => {
        if (doMatch) {
          req.session.isLoggedIn = true;
          // Stores the whole user object, hashed password included
          req.session.user = user;
          return req.session.save((err) => {
            res.redirect('/dashboard');
          });
        }
        // ... rest of the handler is not shown in the question
      });
  });
```
So instead of `req.session.user = user` maybe I would have to do:

```js
req.session.user.email = user.email
req.session.user.firstName = user.firstName
```

And so on. I did try this but the password still remains in the session:

```js
req.session.user = { ...user }
delete req.session.user.password
```
node.js express express-session
asked Dec 30 '18 at 9:05 by user8463989 (edited Dec 30 '18 at 19:08)
Have you tried `delete user.password` and then `req.session.user = user`?
– Mayur, Dec 30 '18 at 14:40

Tried that and get this error: `TypeError: Cannot convert undefined or null to object at bcrypt.compare.then.doMatch`
– user8463989, Dec 30 '18 at 17:05

Instead of deleting the password after copying, did you try to copy the user object without it? `const { password, ...restOfUser } = user; req.session.user = restOfUser;`
– Narigo, Dec 30 '18 at 19:50
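
An added example, not part of the original thread: it shows why the spread-then-delete attempt in the question leaves the hash in the persisted session when `user` is a Mongoose-style document (an assumption; the question does not name its ODM), next to an allow-list copy. `FakeDocument`, `persist`, `SESSION_FIELDS` and `toSessionUser` are hypothetical names, and the sample record is constructed.

```javascript
// Constructed stand-in for a Mongoose-style document (assumption: the
// question's User is such a model). Field values live in `_doc`; the
// instance exposes them through prototype getters, not own properties.
class FakeDocument {
  constructor(fields) {
    this._doc = { ...fields };
    this.$isNew = false;
  }
  get email() { return this._doc.email; }
  get firstName() { return this._doc.firstName; }
  get password() { return this._doc.password; }
  toObject() { return { ...this._doc }; }
  toJSON() { return this.toObject(); }
}

// Stand-in for a session store, which persists the session as JSON.
const persist = (session) => JSON.parse(JSON.stringify(session));

// The attempt from the question: spread copies own properties only, so the
// copy has `_doc` but no top-level `password`, and delete removes nothing.
function spreadThenDelete(user) {
  const sessionUser = { ...user };
  delete sessionUser.password;
  return persist({ user: sessionUser }).user;
}

// Allow-list: copy named fields from the plain object. Fields added to the
// schema later (reset tokens, MFA secrets) stay out unless listed here.
const SESSION_FIELDS = ['_id', 'email', 'firstName']; // hypothetical list
function toSessionUser(user) {
  const plain = typeof user.toObject === 'function' ? user.toObject() : user;
  const picked = {};
  for (const key of SESSION_FIELDS) {
    if (key in plain) picked[key] = plain[key];
  }
  return picked;
}

// Constructed sample record; the hash is a placeholder, not a real bcrypt value.
const sampleUser = new FakeDocument({
  _id: 'u1', email: 'a@example.com', firstName: 'Ann',
  password: '$2b$12$PLACEHOLDERHASH', resetToken: 'constructed-token',
});
const leaked = spreadThenDelete(sampleUser);
const safe = persist({ user: toSessionUser(sampleUser) }).user;
console.log('hash still in session after spread + delete:',
  JSON.stringify(leaked).includes('PLACEHOLDERHASH'));
console.log('allow-listed session user:', safe);
```

In the login handler this would replace the assignment with `req.session.user = toSessionUser(user)`.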