diff --git a/lib/server/index.js b/lib/server/index.js index 89eba3e131..32ab301edd 100644 --- a/lib/server/index.js +++ b/lib/server/index.js @@ -53,8 +53,9 @@ habitrpgMobile = function(req, res, next) { habitrpgSessions = function(req, res, next) { var acceptableUid, uidParam; uidParam = req.url.split('/')[1]; - acceptableUid = require('guid').isGuid(uidParam) || (uidParam === '3' || uidParam === '4' || uidParam === '9'); - if (acceptableUid && req.session.userId !== uidParam) { + acceptableUid = require('guid').isGuid(uidParam) || (uidParam === '3' || uidParam === '9'); + if (acceptableUid) { + req.session || (req.session = {}); req.session.userId = uidParam; } return next(); @@ -62,12 +63,12 @@ habitrpgSessions = function(req, res, next) { expressApp.use(express.favicon()).use(gzippo.staticGzip(publicPath, { maxAge: ONE_YEAR -})).use(express.compress()).use(express.cookieParser()).use(store.sessionMiddleware({ +})).use(express.compress()).use(express.cookieParser()).use(habitrpgSessions).use(store.sessionMiddleware({ secret: process.env.SESSION_SECRET || 'YOUR SECRET HERE', cookie: { maxAge: ONE_YEAR } -})).use(habitrpgSessions).use(store.modelMiddleware()).use(habitrpgMobile).use(app.router()).use(expressApp.router).use(serverError(root)); +})).use(store.modelMiddleware()).use(habitrpgMobile).use(app.router()).use(expressApp.router).use(serverError(root)); expressApp.all('*', function(req) { throw "404: " + req.url; diff --git a/src/server/index.coffee b/src/server/index.coffee index 117e42dd26..0cd67f93bb 100644 --- a/src/server/index.coffee +++ b/src/server/index.coffee @@ -38,11 +38,12 @@ habitrpgMobile = (req, res, next) -> # PURL pseudo-auth: Previously saved session (eg, http://localhost/{guid}) (temporary solution until authentication built) habitrpgSessions = (req, res, next) -> uidParam = req.url.split('/')[1] - acceptableUid = require('guid').isGuid(uidParam) or (uidParam in ['3','4','9']) - if acceptableUid and req.session.userId!=uidParam + acceptableUid = require('guid').isGuid(uidParam) or (uidParam in ['3','9']) + if acceptableUid# and req.session.userId!=uidParam # model.fetch "users.#{uidParam}", (err, user) -> #test whether user exists # if user.get('id') - req.session.userId = uidParam # and for next requests + req.session ||= {} + req.session.userId = uidParam next() expressApp @@ -59,11 +60,11 @@ expressApp # Uncomment and supply secret to add Derby session handling # Derby session middleware creates req.session and socket.io sessions .use(express.cookieParser()) + .use(habitrpgSessions) .use(store.sessionMiddleware secret: process.env.SESSION_SECRET || 'YOUR SECRET HERE' cookie: {maxAge: ONE_YEAR} ) - .use(habitrpgSessions) # Adds req.getModel method .use(store.modelMiddleware())