New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket

passport-remember-me

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

passport-remember-me

Remember Me cookie authentication strategy for Passport.

  • 0.0.1
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
1.5K
increased by3.32%
Maintainers
1
Weekly downloads
 
Created
Source

Passport-Remember Me

Passport strategy for authenticating based on a remember me cookie.

This module lets you authenticate using a remember me cookie (aka persistent login) in your Node.js applications. By plugging into Passport, remember me authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.

Install

$ npm install passport-remember-me

Usage

Configure Strategy

The remember me authentication strategy authenticates users using a token stored in a remember me cookie. The strategy requires a verify callback, which consumes the token and calls done providing a user.

The strategy also requires an issue callback, which issues a new token. For security reasons, remember me tokens should be invalidated after being used. The issue callback supplies a new token that will be stored in the cookie for next use.

passport.use(new RememberMeStrategy(
  function(token, done) {
    Token.consume(token, function (err, user) {
      if (err) { return done(err); }
      if (!user) { return done(null, false); }
      return done(null, user);
    });
  },
  function(user, done) {
    var token = utils.generateToken(64);
    Token.save(token, { userId: user.id }, function(err) {
      if (err) { return done(err); }
      return done(null, token);
    });
  }
));
Authenticate Requests

Use passport.authenticate(), specifying the 'remember-me' strategy, to authenticate requests.

This is typically used in an application's middleware stack, to log the user back in the next time they visit any page on your site. For example:

app.configure(function() {
  app.use(express.cookieParser());
  app.use(express.bodyParser());
  app.use(express.session({ secret: 'keyboard cat' }));
  app.use(passport.initialize());
  app.use(passport.session());
  app.use(passport.authenticate('remember-me'));
  app.use(app.router);
});

Note that passport.session() should be mounted above remember-me authentication, so that tokens aren't exchanged for currently active login sessions.

If the user enables "remember me" mode, an initial cookie should be set when they login.

app.post('/login', 
  passport.authenticate('local', { failureRedirect: '/login', failureFlash: true }),
  function(req, res, next) {
    // issue a remember me cookie if the option was checked
    if (!req.body.remember_me) { return next(); }

    var token = utils.generateToken(64);
    Token.save(token, { userId: req.user.id }, function(err) {
      if (err) { return done(err); }
      res.cookie('remember_me', token, { path: '/', httpOnly: true, maxAge: 604800000 }); // 7 days
      return next();
    });
  },
  function(req, res) {
    res.redirect('/');
  });

Examples

For a complete, working example, refer to the login example.

Tests

$ npm install
$ make test

Build Status

Credits

License

The MIT License

Copyright (c) 2013 Jared Hanson <http://jaredhanson.net/>

Keywords

FAQs

Package last updated on 15 May 2013

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc