Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Globally disabling cookies? #841

Closed
geoffreak opened this issue Sep 9, 2013 · 9 comments
Closed

Globally disabling cookies? #841

geoffreak opened this issue Sep 9, 2013 · 9 comments

Comments

@geoffreak
Copy link

I'm creating an API and I am trying to figure out how to disable cookies in my application. We will be using headers for authentication of our API and have no need for cookies.

I was expecting that not having a session config or setting module.exports.session = null would do the trick, but that does not seem to be the case.
@sgress454
Copy link
Member

What you want is to set req.session = null. You can do this in a blanket policy, but currently these don't cover blueprint actions. To ensure full coverage, you could define a route like so in the config/routes.js file:

"/*" : "SessionController.disable"

and in SessionController.js:

module.exports = {
    disable: function(req, res, next) {
        req.session = null;
        next();
    }
};

@geoffreak
Copy link
Author

Thanks for the tip, that seems to work. It would be nice if this was a more configurable option though.

@sgress454
Copy link
Member

Good call--we'll take a look at that!

@amonaco
Copy link

amonaco commented May 1, 2014

If your starting point is Sails and then you start to remove a lot of default options, then maybe your starting building block should be just plain Express and then add only what you need. API developer here.

leedm777 added a commit to leedm777/sails that referenced this issue Aug 12, 2014
@leedm777
Fix crash when using sessionless requests over WebSOckets.
ca52fe5 
When disabling sessions for individual requests, it's done by deleting
the session field from the request. (See
balderdashy#841).

Unfortunately, the REST-over-WebSocket code assumed that the session was
always there. This patch checks for the existence of req.session before
calling req.session.save.
leedm777 added a commit to leedm777/sails that referenced this issue Aug 12, 2014
@leedm777
Fix crash when using sessionless requests over WebSockets.
42bc9fd 
When disabling sessions for individual requests, it's done by deleting
the session field from the request. (See
balderdashy#841).

Unfortunately, the REST-over-WebSocket code assumed that the session was
always there. This patch checks for the existence of req.session before
calling req.session.save.
@leedm777 leedm777 mentioned this issue Aug 12, 2014
Merged
@gadelkareem
Copy link

+1

@jstri jstri mentioned this issue Dec 3, 2014
Closed
@theblang
Copy link

@sgress454 Was this ever made configurable?

@JetFault
Copy link

JetFault commented Mar 2, 2015

I would also like to know the same. Right now what I do is remove the cookieParser middleware, to not allow reading, but would be nice to also remove setting.

Also, do sockets work without cookies, I'm having socket issues right now, but don't know if that's the issue as of yet.

@Clan-Utility
Copy link

+1

@leompeters
Copy link

You can disable sessions in Sails, that should disable cookies. Add the code below in your .sailsrc:

{
  ...
  "hooks": {
    "session": false
  }
}

Source: http://sailsjs.org/documentation/reference/configuration/sails-config-session#?disabling-sessions

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@geoffreak @JetFault @sgress454 @amonaco @gadelkareem @leompeters @theblang @Clan-Utility