add user_id field in session table
See original GitHub issueWhen a user does a password reset / changes his password, it makes sense to drop all sessions for that user. Currently the user id is stored inside a json blob on the session, so it becomes very inefficient to query for all sessions that belong to a specific user.
In issue #53 ( https://github.com/chill117/express-mysql-session/issues/53 ), it was suggested that one way to workaround this issue is to, A) not use createDatabaseTable: true, B) add a user_id column, and C) right after login, update the session with the appropriate user_id.
However, this approach has the downside that “user_id” cannot be a “NOT NULL” column with a foreign key constraint pointing to the user table. This in turn would enable cascading deletes for sessions when a user is deleted.
columnNames: {
user_id: 'user_id',
...
}
Do you agree that having such a column is a good idea, i.e. would you accept a PR to add one?
Issue Analytics
- State:
- Created 6 years ago
- Reactions:1
- Comments:16 (8 by maintainers)
I’m still interested in this feature.
The field that passport puts into “data” for me is called “user” but the database column I have is called “user_id”. Ideally, I think it’s good if the session storage does not mandate certain column names so it would be nice to find a solution that ensures this, even for “dataWithOwnColumns” columns.
Did you mean that dataWithOwnColumns could be combined with columns, like this:
I suppose another option would be to simply omit the “dataWithOwnColumns” member, and instead make a rule that says:
If there is any property KEY:VAL inside columnNames dict where KEY is not “session_id”, “expires” or “data”, then the session store will create a column called VAL and assume that the data for it is in data[KEY]
I’m not sure I completely understand what @mo is suggesting here, but wouldn’t an implementation of #91 fix the inefficiency problem? I haven’t used the JSON column type yet since it didn’t exist the last time I did something with MySQL, but a quick google search tells me it allows for more efficient querying using something like
JSON_EXTRACT
.