Persistent sessions

My question is, is there any way to keep users logged in even if the browser is refreshed?

I've looked in the forum for other references and the closest I found was:
Need advice on actions before joining a room

I was reading this link:
In which the solution was to implement express-session and passport.

And this other:
In which only express-session was implemented with some examples about the login action.

And I was thinking of creating a flow like this:
-> express to show the /login form
-> a /loginPost action to validate the user in the DB
-> at that point register the user in the session with express-session
-> and lastly redirect the user to game-room
-> there I'll re-validate the session (again with express-session) and run the join-room method

Will that be ok? Because I feel like I'm missing something related to rooms onAuth or something like that which could be better...

If I'm not missing anything I hope this could be a small contribution.


If I don't implement the commented flow I was looking to do something like:
'/game-room.html', function(req, res) {
// get the user logged
// render the game view if the login success

This could also work but if the client refreshes the window it will be logged out automatically.

@endel, it would be a good idea to include a simple sample on how a basic login with X DB users could be implemented.
Could you confirm if any of these flows are a good practice or if I'm still missing something related to the onAuth?


Hi @dpastorini,

There are many ways to achieve that, using express-session is a good one. If you're using multiple nodes/servers, you'd need to use some Session Store along with it. (like connect-redis)

When joining into rooms, you'd need to re-validate the current user during onAuth(). Since the http request (session) is not available during the websocket handshake, you'd need to pass the user identifier (token? cookie?) as an option to validate that user. I'm not sure express-session provides a public API for checking the validity of a user token, if it does, it might be possible to use it during onAuth() to validate the user there.

Let us know if you manage to implement this, I'm sure more users are interested in this!

I'm still trying to understand how to make it work with a DB, because using sessions is kinda pointless since I would have to re-authenticate the user every time before getting it in the room, so the way the onAuth seems to work I only need to send the form data in the join room method to validate it on the onAuth method, right?
So, on client side I would have:

$login.on('submit', function(e){
            // send the form values as join options
            room = client.join('game_room', {username: $('#username').val(), password: $('#password').val()});
});

So far so good, I got the params on the onAuth, but how can I validate the user in the DB? This won't work since we need to wait for the DB result:

        // the DB lookup is asynchronous, so its result is not available to this synchronous check
        if(Player.find(options.username, options.password)) {
            return true;
        } else {
            return false;
        }

@endel could you provide an example of a simple way to do something like this please?

Thanks in advance!

Hi @dpastorini,

You may return a Promise on onAuth() for asynchronous login, or define async onAuth() and combine with await calls inside the method.

You can see more in the authentication section in the docs.

Hope this helps! Cheers!
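
The approach from the two replies above (pass a session token as a join option, then re-validate it in an asynchronous onAuth()), as an added example that is not code from this thread or from Colyseus. The token format, the in-memory `sessions` and `users` maps, and the `GameRoom` class with its `onAuth(options)` shape are assumptions made so that it runs with only Node's `crypto` module; the password is checked once at login and never travels in the join options.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret';  // assumption: server-side signing key
const sessions = new Map();                // stand-in for a shared session store
const users = new Map();                   // stand-in for the users table

// Store a salted scrypt hash, never the plain password.
function addUser(username, password) {
  const salt = crypto.randomBytes(16);
  users.set(username, { salt, hash: crypto.scryptSync(password, salt, 32) });
}

const mac = (sid) => crypto.createHmac('sha256', SECRET).update(sid).digest('hex');

// HTTP login step: verify the password once, then issue "<sid>.<hmac>".
async function login(username, password) {
  const user = users.get(username);        // a real DB query would be awaited here
  if (!user) return null;
  const candidate = crypto.scryptSync(password, user.salt, 32);
  if (!crypto.timingSafeEqual(candidate, user.hash)) return null;
  const sid = crypto.randomBytes(16).toString('hex');
  sessions.set(sid, { username, expires: Date.now() + 30 * 60 * 1000 });
  return `${sid}.${mac(sid)}`;
}

// Resolve a token to its session; null if forged, unknown or expired.
async function sessionFromToken(token) {
  if (typeof token !== 'string') return null;
  const dot = token.lastIndexOf('.');
  if (dot < 1) return null;
  const sid = token.slice(0, dot);
  const given = Buffer.from(token.slice(dot + 1));
  const expected = Buffer.from(mac(sid));
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  const session = sessions.get(sid);       // an async store lookup in practice
  if (!session || session.expires < Date.now()) return null;
  return session;
}

// Hypothetical room class: only the async onAuth(options) shape follows the thread.
class GameRoom {
  async onAuth(options) {
    const session = await sessionFromToken(options && options.token);
    return session !== null;               // true lets the client join
  }
}
```

With several server nodes, the `sessions` map would be replaced by the shared store mentioned earlier in the thread so that any node can resolve the token.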

I've fully missed that part! So sorry! I'll create a full login sample so you can include it in the contributions if you like.
I'll also be working with Phaser so I'll probably be able to provide a basic sample for that implementation on the client side.

@dpastorini no worries! I've seen a lot of people asking how to integrate Phaser in the server-side, let us know your approach when you manage to do it! Cheers!

Hi @endel, I've finally got the login/registration working with Colyseus + MySQL, so I'll try to create a base-example repo in BitBucket to share it here.
I had a few issues while trying to handle the onAuth errors for the different cases but got it working on the client side by adding different error handlers (when you see it you will be able to tell if that's the best way to do it or not).

That said, I've started to do some research on how to implement Phaser and found this great Phaser + example:
You can see the demo here:

Looks great to me since it's exactly what I was looking for, so I'm trying to implement the same sample but integrated with Colyseus (I'm guessing Colyseus will help to avoid some socket issues I got while checking the demo, related to the socket connections, not by bombing the server with connections but by trying different actions, moving the players and so on).

My problem now is much more basic, since I have zero experience with webpack (trying to use your Tic-Tac-Toe sample), and even less with something like "bundling" the files on the server side to create something like a "client distribution" (like in the jrgame sample); if you have any recommendations for this that would be great.

Maybe you can also check the jrgame sample and tell if there's any easy way to integrate it with Colyseus?

If I manage to get this example fully working it will be a great contribution since it will be a simple implementation with Colyseus + DB engine (MySQL in my case but it should be really easy to use Mongo or any other) + Phaser 3.
For people like me who are struggling with how to create an MMORPG in an easy way this could easily set the base architecture just by cloning the repo :)


A colyseus + DB with authentication would be the ideal example IMO
something like the existing tic tac toe example with a simple user creation (DB) and login (authentication) would be enough

and it would be all someone needs to make a complete multiplayer game experience

Hi guys, I know this is an old topic, but I've just made a simple demonstration on how to use express-session with colyseus's onAuth() method here: