How to clean all sessions in Node.js (heroku + redis)?

Question

I'm using node.js (Expressjs) hosted on heroku.

Sessions are stored in redis (Redistogo plugin for heroku):

RedisStore = require('connect-redis')(express)
app.use express.session
      secret: process.env.CLIENT_SECRET
      cookie: { maxAge: 604800000 }
      store: new RedisStore {client: redis}

After the user logged in I store his info in req.session:

after_user_logged_id = (req, user)->    
  req.session.current_user =
    id: user._id
    name: user.name

I need to restart the server and clean all sessions: logout all users to force them login one more time. How should I do this? Restarting the redis plugin doesn't help.

You could implement it yourself, in code. Might be a good feature to have, if you need to upgrade/change something in the session in the future. What I suggest is that you check for the existence of some property, and otherwise destroy the session, forcing the user to log in, at which point you set the property. Something like: `if(session.version < 1) { session.destroy() }`. — Linus Thiel, Feb 05 '13 at 13:42
should I put it in app.configure ()-> app.use (req, res, next)-> session_logic ? — Oleg Dats, Feb 05 '13 at 13:50
Yes, you can put it there, and you probably also want to `res.redirect()` to your login page. — Linus Thiel, Feb 05 '13 at 13:52

score 6 · Accepted Answer · answered Feb 05 '13 at 22:36

redis.flushdb() may be a bit extreme if you end up storing something else in redis. You just need to delete all the "sess:*" keys. Unfortunately, there is no del *, so you can use something like this:

redis.keys("sess:*", function(err, key) {
  redis.del(key, function(err) {
  });
});

score 0 · Answer 2 · answered Feb 05 '13 at 14:11

Code to clean all redis sessions:

RedisStore = require('connect-redis')(express)
rtg   = require('url').parse process.env.REDISTOGO_URL
redis = require('redis').createClient rtg.port, rtg.hostname  
redis.auth rtg.auth.split(':')[1] # auth 1st part is username and 2nd is password separated by ":"
  try
    console.log "clean sessions"
    redis.flushdb()
  catch err
    console.log "error:", err

How to clean all sessions in Node.js (heroku + redis)?

2 Answers2