Express sessions

How to use sessions to identify users across requests

By default, Express requests are sequential, and no request can be linked to another. There is no way to know whether a request comes from a client that has already made a request before.

Users cannot be identified unless you use some mechanism that makes it possible.

That is what sessions are.

Once implemented, every user of your API or website is assigned a unique session, which allows you to store the user's state.

We will use the express-session module, which is maintained by the Express team.

You can install it using

npm install express-session

Once you're done, you can require it in your application with

const session = require('express-session')

This is a middleware, so you install it in Express using

const express = require('express')
const session = require('express-session')

const app = express()
app.use(session({
  'secret': '343ji43j4n3jn4jk3n'
}))

After this is done, all requests routed to the application are now using sessions.

secret is the only required parameter, but there are many more you can use. It should be a randomly generated string that is unique to your application.

The session is attached to the request, so you can access it using req.session here:

app.get('/', (req, res, next) => {
  // req.session
})

This object can be used to get data out of the session, and also to set data:

req.session.name = 'Flavio'
console.log(req.session.name) // 'Flavio'

The data is serialized as JSON when stored, so you can safely use nested objects.

You can use sessions to pass data to middleware that will be executed later, or to retrieve it on subsequent requests.

Where is the session data stored? It depends on how you set up the express-session module.

It can store session data in

  • memory, not meant for production
  • a database like MySQL or Mongo
  • a memory cache like Redis or Memcached

There is a large list of third-party packages that implement compatible caching stores.

All solutions store the session ID in a cookie and keep the data on the server side. The client will receive the session ID through the cookie and send it with each HTTP request.

The server uses that session ID to look up the associated data it has stored locally.

Memory is the default store and requires no special setup on your part. It is the simplest option, but it is meant only for development purposes.
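The mechanism described above can be sketched with nothing but Node's crypto module: the cookie carries only a session ID signed with the secret (express-session uses its secret to sign the session ID cookie), and the data stays in a server-side store. This is an added example, not code from express-session or from the original article; createSession, loadSession, sign and the simplified "id.signature" cookie layout are assumptions made for illustration.

```javascript
const crypto = require('crypto')

// Constructed demo secret; a real application loads its own random secret from configuration.
const SECRET = crypto.randomBytes(32).toString('hex')
// Server-side store: session ID -> session data (plays the role of memory, Redis, ...).
const store = new Map()

// HMAC-SHA256 of the session ID under the secret, hex encoded.
function sign(sid, secret) {
  return crypto.createHmac('sha256', secret).update(sid).digest('hex')
}

// Create an empty session and return the value the client would get in its cookie.
function createSession(secret = SECRET) {
  const sid = crypto.randomBytes(24).toString('hex')
  store.set(sid, {})
  return `${sid}.${sign(sid, secret)}`
}

// Map a cookie value back to its session data; null if the signature or ID is not valid.
function loadSession(cookieValue, secret = SECRET) {
  if (typeof cookieValue !== 'string') return null
  const dot = cookieValue.lastIndexOf('.')
  if (dot < 1) return null
  const sid = cookieValue.slice(0, dot)
  const given = Buffer.from(cookieValue.slice(dot + 1))
  const expected = Buffer.from(sign(sid, secret))
  // Constant-time comparison; timingSafeEqual requires equal lengths.
  if (given.length !== expected.length) return null
  if (!crypto.timingSafeEqual(given, expected)) return null
  return store.get(sid) || null
}

// Two "requests" with the same cookie, then two cookies the server did not issue.
function demo() {
  const cookie = createSession()
  loadSession(cookie).name = 'Flavio' // first request stores data
  const later = loadSession(cookie).name // later request reads it back
  const sid = cookie.split('.')[0]
  const forged = `${sid}.${sign(sid, 'guessed-secret')}` // signed with the wrong secret
  const flipped = cookie.slice(0, -1) + (cookie.endsWith('0') ? '1' : '0')
  return { later, forged: loadSession(forged), flipped: loadSession(flipped) }
}

console.log(demo())
```

The cookie value never contains the session data itself, and a cookie signed with any other secret is rejected before the store is consulted.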

The best option is an in-memory cache like Redis, for which you need to set up your own infrastructure.

Another popular package for managing sessions in Express is cookie-session, which has one big difference: it stores the data client-side, in the cookie. I don't recommend doing that, because storing data in a cookie means it lives on the client and is sent back and forth with every request the user makes. It is also limited in size, since a cookie can only hold 4 KB of data. Cookies also need to be secured, but by default they are not: secure cookies are only possible on HTTPS sites, and if you are behind a proxy you need to configure that as well.
