Node Js Session user id

Question

Hello I'm just new to Node.js and currently working on session login.

1. Why can't I set session inside my query function?

2. Why do I need req.session.save() to save it, but after redirecting to some page session its still not totally set and the page needs to refresh to show session.

Here is my function in setting session

client.query(
    "Select id FROM users Where username = '" + req.body.username + "' AND password = '" + req.body.password + "'",
    function(err, result) {
        if (err) {
            return console.error('error running query', err);
        } else {
            done();
            req.session.user_id = result.rows;
            req.session.save();
            res.redirect('/wall');
        }
    });

Answer 1

You might want to simplify your example and clarify what libraries you are using. I am assuming you are using express and express-session. I set up a simple example where when you go to to /login?username=yourname page it redirects you to a different page where it shows your name.

var app = require('express')();
var http = require('http').Server(app);
var session = require('express-session');
var mysql = require('mysql')

app.use(session({secret: 'super secret'}));

var client = mysql.createConnection({
    host: "My",
    user: "private",
    password: "configuration",
    database: "my_db"
});

app.get('/login', function(req, res, next) {
    var sessionData = req.session;
    client.query('SELECT * from users where username = ?', [req.query.username], function(err, rows) {
        if(err) throw err;
        if (rows.length) {
            var user = rows[0]
            req.session.username = user.username;
            req.session.user_id = user.id
            res.redirect('/signed_in');
        } else {
            res.send("user not found")
        }
    })
})

app.get('/signed_in', function(req, res){
    res.send(req.session.user_id + "," + req.session.username);
});

http.listen(3000);

Quentin is right you should look out for sql injections. in the case of node you typically do something like this, depending on what sql library you are using.

client.query(
    "Select id FROM users Where username = ? AND password = ?", [req.body.username, req.body.password],
    function(err, result) {
    // Your code
}

As for why you have to refresh the page after you reload it my guess is something related to done function since i don't know what it is doing in your code. I have no idea why you need to call save, it is not necessary in my example.