1

I have a node site using Usergrid as the backend. I have created a login form screen, however when one user logs in it then shows that user being logged in to all other users who are on the site. If someone else logs in then it will overwrite the previously logged in user. How can I prevent the authenticated session from being shared across all users? I want each user to have their own authenticated session while browsing the site.

Login Code: 

app.post("/login", function(req, res) {

    if (client.isLoggedIn()) {
        console.log("already logged in");
        res.send({"status": "success"});
    } else {

        client.login(req.body.username, req.body.password, function(err) {
            logger.debug("After Log In");
            if (err) {
                logger.error('Login Failed');
                logger.error(err);
            } else {
                logger.debug(client.token);

                client.authType = Usergrid.AUTH_APP_USER;

                var options = {
                    method: 'GET',
                    endpoint: 'users/me'
                };

                client.request(options, function(err,data) {
                    if (err) {
                        console.log(err);
                    } else {
                        req.session['current_user'] = data.entities[0];
                        console.log(data);
                        console.log("SESSION");
                        console.log(req.session);
                    }
                    res.send({"status": "success"});
                });
            }
        });
    }
});
jeremylach
  • 75
  • 7

1 Answers1

0

I think the problem is that you are using one instance of the Usergrid.Client object to serve many users. Instead, you should do what Usergrid does: when a user logs in, you give them the Usergrid access_token. You could send it back in a cookie, or in JSON data or whatever you choose.

Then you would expect subsequent HTTP request from the user to include the access_token in the URL or in a cookie, or whatever. On each request you create a new instance of the Usergrid.Client and pass in the token from the user, e.g.

var client = new Usergrid.Client({'token':'abcd5764adf...');

snoopdave
  • 306
  • 1
  • 5