Express Sessions PDF
Document Details
Uploaded by RapidSupernova1560
Balkh University
Tags
Summary
This document explains HTTP sessions and how to implement authentication using Express.js. It walks through code examples and concepts, useful for beginner and intermediate web developers.
Full Transcript
Express Sessions Sessions ► HTTP is stateless; in order to associate a request to any other request, you need a way to store user data between HTTP requests. Cookies and URL parameters are both suitable ways to transport data between the client and the server. But they are both reada...
Express Sessions Sessions ► HTTP is stateless; in order to associate a request to any other request, you need a way to store user data between HTTP requests. Cookies and URL parameters are both suitable ways to transport data between the client and the server. But they are both readable and on the client side. Sessions solve exactly this problem. You assign the client an ID and it makes all further requests using that ID. Information associated with the client is stored on the server linked to this ID. ► We will need the Express-session, so install it using the following code. ► Npm install express-session Continued… ► We will put the session and cookie-parser middleware in place. In this example, we will use the default store for storing sessions, i.e., MemoryStore. Never use this in production environments. The session middleware handles all things for us, i.e., creating the session, setting the session cookie and creating the session object in req object. ► Whenever we make a request from the same client again, we will have their session information stored with us (given that the server was not restarted). We can add more properties to the session object. Continued… Authentication ► Authentication is a process in which the credentials provided are compared to those on file in a database of authorized users' information on a local operating system or within an authentication server. If the credentials match, the process is completed and the user is granted authorization for access. ► For us to create an authentication system, we will need to create a sign up page and a user-password store. The following code creates an account for us and stores it in memory. This is just for the purpose of demo; it is recommended that a persistent storage (database or files) is always used to store user information. Continued… SIGNUP.JADE protected_page.pug Login page ?
