Sessions allow you to store sensitive information on the server instead.
Discover how to set up sessions in an Express server powered by Node.js.
What You’ll Need
To follow this tutorial, you need both Node.js and npm installed.
Any recent version of Node.js should come with npm, a package manager for installing dependencies.
You’ll use npm to install Express and express-session.
These are the tools you’ll use to create the web server and session.
What Is a Session in Node.js?
A cookie is a small file that your web browser uses to store data.
You could use cookies to store non-sensitive data like search preferences.
You should not store sensitive data (such as usernames and passwords) in cookies.
Instead of saving sensitive data as a cookie on the client, you should store it on the server.
This keeps it protected from the outside world.
Sessions allow you to store sensitive data your app needs to identify the user.
Examples are username, password, and email.
They’re more secure because they live on the server, not the client.
You’ll learn how to create a session in the following section.
Creating a Session in an Express Server
Express is a popular web framework for Node.js.
It lets you set up a web server that listens to client requests at your chosen port number.
The package.json file for running npm scripts.
Install Express and express-session
You’ll use Express to create the web server.
And express-session to create sessions on that server.
Pass in an object with the secret property (for signing the session ID cookie) and the cookie property.
Here you set the maximum age of the session to 30 seconds (30000 milliseconds).
Setting saveUninitialized to false is essential if you have a login system.
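The secret and the 30-second lifetime described above, as an added example (not code from the original tutorial and not express-session's own source): a dependency-free sketch of how a signed session ID cookie and a server-side store with an expiry fit together. The `s:<id>.<mac>` cookie layout, the in-memory Map store and every function name here are assumptions made for illustration.

```javascript
const crypto = require('crypto');
const MAX_AGE_MS = 30000;   // same 30-second lifetime as the tutorial
const store = new Map();    // server-side state: session ID -> { data, expires }

// HMAC-SHA256 of the session ID, base64 without '=' padding.
function mac(id, secret) {
  return crypto.createHmac('sha256', secret).update(id)
    .digest('base64').replace(/=+$/, '');
}

// Cookie value: the ID plus its MAC. No user data leaves the server.
function sign(id, secret) {
  return `s:${id}.${mac(id, secret)}`;
}

// Returns the session ID if the MAC verifies, otherwise false.
function unsign(cookieValue, secret) {
  if (typeof cookieValue !== 'string' || !cookieValue.startsWith('s:')) return false;
  const dot = cookieValue.lastIndexOf('.');
  if (dot < 3) return false;
  const id = cookieValue.slice(2, dot);
  const given = Buffer.from(cookieValue.slice(dot + 1));
  const expected = Buffer.from(mac(id, secret));
  // timingSafeEqual throws on unequal lengths, so check the length first.
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected) ? id : false;
}

// Create a session: random ID, data kept in the store, signed ID returned.
function createSession(data, secret, now = Date.now()) {
  const id = crypto.randomBytes(16).toString('hex');
  store.set(id, { data, expires: now + MAX_AGE_MS });
  return sign(id, secret);
}

// Look up a session from a cookie; forged or expired cookies yield null.
function loadSession(cookieValue, secret, now = Date.now()) {
  const id = unsign(cookieValue, secret);
  const entry = id ? store.get(id) : undefined;
  if (!entry) return null;
  if (now >= entry.expires) { store.delete(id); return null; }
  return entry.data;
}

// Constructed sample values, not taken from the original page.
const SECRET = 'constructed-demo-secret';
const cookie = createSession({ authenticated: true, username: 'alice' }, SECRET, 0);
console.log(loadSession(cookie, SECRET, 1000));        // the stored session data
console.log(loadSession(cookie + 'x', SECRET, 1000));  // null: MAC check fails
console.log(loadSession(cookie, SECRET, 30000));       // null: session expired
```

The cookie carries only the random ID and its MAC, so a client who edits it or who waits past the maximum age gets no session back.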
Next, create a login route to change the session.
This check is to ensure that you proceed only if the username and password are present.
Next, you see if the user is already authenticated.
If so, send the session back to the client.
If not, set the authenticated property to true and save the username to the session.
Then send it back to the client.
With the above code, the server will remember each user that sends a request to the server.
Be sure to send the username and password in the request’s body.
First, you’ve authenticated on the server.
Second, the session now has your login details, so the server now knows who you are.
Sessions Improve User Experience
Sessions are a vital part of Node.js applications.
This is because they allow you to maintain a state of interaction across many requests and responses.
Sessions are especially important for applications that require you to log in.
Use sessions in your backend software to keep track of user-specific data.
An example of such data is the items your user has added to a shopping cart.
Without sessions, you’d have to maintain a separate data store for each user in your system.
This would be inefficient and increase the complexity of the program.
If you want to use Node.js for backend web development, then check out Express.