The session validation should be checked before every page is loaded and the login page should be redirected

marcus-j-davies · 24 November 2024 13:44

Is this an API you're building or a Web interface?

if an API, I wouldn't use redirects

function sessionValidation(req, res, next) {
    if (req.originalUrl === '/api/login') {
        next()
    } else {
        const sessionId = req.cookies['session_id'];
        if (sessionId) {
            next()
        } else {
             res.json({error:'Access Denied',reason:'NO_TOKEN_PRESENT'})
        }
    }
}

if a web interface

function sessionValidation(req, res, next) {
    if (req.originalUrl === '/api/login') {
        next()
    } else {
        const sessionId = req.cookies['session_id'];
        if (sessionId) {
            next()
        } else {
            res.redirect('/api/login');
        }
    }
}

Without knowing your setup fully - its a little hard to understand what is the right answer.

Also be carful about redirects and HTTP Methods - I think the redirect needs to handle the original method - else you may get 404 for the redirect target, I'm not entirely sure

Topic		Replies	Views
Issue with Custom Middleware Not Blocking Access to Dashboard Dashboard dashboard-2	5	54	13 October 2024
How to create session id after login is validated General	1	257	18 July 2022
Session Management and UI Redirection in Node-RED Dashboard Widgets Dashboard dashboard-2	1	84	28 December 2024
Login session with http General http-request	1	175	15 July 2023
Help - Middleware for httpin node Auth General security	6	213	2 October 2023

The session validation should be checked before every page is loaded and the login page should be redirected

Related topics