Because HTTP is stateless, you need a way to store user data between
HTTP requests in order to associate one request with another.
Cookies and URL parameters are both suitable ways to transport data
between client and server, but both are readable and live on the client
side.
Sessions solve exactly this problem. You assign the client an ID and it makes all further requests using that ID. Information associated with the client is stored on the server linked to this ID.
We'll need the express-session package, so install it using:

    npm install --save express-session

We will put the session and cookie-parser middleware in place. In this example, we'll use the default store for storing sessions, i.e. MemoryStore. Never use this in production environments: it leaks memory and does not scale past a single process. The session middleware handles everything for us, i.e. creating the session, setting the session cookie and creating the session object on the req object.
Whenever we make a request from the same client again, we will have their session information stored with us (given that the server was not restarted). We can add more properties to this session object. In the following example, we will create a view counter for a client.

    var express = require('express');
    var cookieParser = require('cookie-parser');
    var session = require('express-session');

    var app = express();

    app.use(cookieParser());
    // The secret signs the session ID cookie; it is hardcoded here for the demo only.
    // resave and saveUninitialized are set explicitly to avoid deprecation warnings.
    app.use(session({secret: "Shh, its a secret!", resave: false, saveUninitialized: false}));

    app.get('/', function(req, res){
       if(req.session.page_views){
          // Returning client: the session already holds a counter.
          req.session.page_views++;
          res.send("You visited this page " + req.session.page_views + " times");
       }else{
          // First visit: start the counter in the new session.
          req.session.page_views = 1;
          res.send("Welcome to this page for the first time!");
       }
    });

    app.listen(3000);

When a user visits the site, the above code creates a new session for the user and assigns them a cookie. The next time the user comes, the cookie is checked and the page_views session variable is updated accordingly.
Now if you run the app and go to localhost:3000, you'll get the response "Welcome to this page for the first time!".
If you revisit the page, the page counter will increase. I refreshed the page 42 times in this case.
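What the session middleware does with the ID, the cookie and the server-side data can be modelled with Node's built-in crypto module alone. This is an added example, not code from the original post or from express-session: the names SECRET, store, sign, unsign and visit are hypothetical, and the per-process random key is an assumption.

```javascript
// Added example: a simplified model of session handling, Node built-ins only.
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32);  // assumption: random key per process, not a hardcoded string
const store = new Map();                // server-side store: session ID -> session data

// HMAC-SHA256 over the session ID lets the server detect forged or altered IDs.
function sign(sid) {
  const mac = crypto.createHmac('sha256', SECRET).update(sid).digest('hex');
  return sid + '.' + mac;
}

// Returns the session ID if the signature is valid, otherwise null.
function unsign(cookie) {
  if (typeof cookie !== 'string') return null;
  const dot = cookie.lastIndexOf('.');
  if (dot < 1) return null;
  const expected = Buffer.from(sign(cookie.slice(0, dot)));
  const given = Buffer.from(cookie);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? cookie.slice(0, dot) : null;
}

// Hypothetical request handler: takes the cookie value the client sent (or undefined)
// and returns the response body plus the cookie to set. Only the ID reaches the client.
function visit(cookie) {
  let sid = unsign(cookie);
  if (sid === null || !store.has(sid)) {
    sid = crypto.randomBytes(24).toString('hex');  // unguessable session ID
    store.set(sid, { page_views: 0 });
  }
  const session = store.get(sid);
  session.page_views++;
  const body = session.page_views === 1
    ? 'Welcome to this page for the first time!'
    : 'You visited this page ' + session.page_views + ' times';
  return { body, cookie: sign(sid) };
}

// Constructed walk-through: first visit, return visit, then a cookie with an altered ID.
const first = visit(undefined);
const second = visit(first.cookie);
const tampered = visit('x' + first.cookie);
console.log(first.body, '|', second.body, '|', tampered.body);
```

The altered cookie fails verification and is treated as a new client, so the counter held on the server cannot be changed from the browser.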
Now that we know how to use sessions, let's go on to create a session-based authentication system.