Express Sessions

express-session middleware

Install

npm i express-session

Require in server.js or app.js

const session = require('express-session')

Use

app.use(session({
  secret: process.env.SECRET_KEY,
  resave: false, // https://expressjs.com/en/resources/middleware/session.html#resave
  saveUninitialized: false, https://expressjs.com/en/resources/middleware/session.html#saveuninitialized
}))

Save user information on the session object

For each of the routes you create, the req variable will now have a session property which is itself an object. You can assign new properties to this object.

router.get('/', (req, res) => {
  req.session.user = {
    name: 'cookiemonster'
  }
  res.json({ // ...  })
})

Retrieve user information saved on the session object

Once you add a property to the session object, you can retrieve it when a user navigates to any other route. Then you can use it to make decisions based on the design of your application. Remember though, this session will end when the user closes their browser, or you restart your app.

router.get('/new', (req, res) => {
  if (req.session.user.name === 'cookiemonster') {
    console.log('User cookiemonster is logged in')
  } else {
    console.log('User is not cookie monster')
  }
})

Destroy the session

You can destroy a session before a user closes their browser window.

router.delete('/', () => {
  req.session.destroy(() => {
    console.log('session destroyed')
  })
})

Session Store

npm i connect-pg-simple

In server.js or app.js

const session = require('express-session')
const pgSession = require('connect-pg-simple')(session)

const db = require('./database/db')

// ...

app.use(session({
  secret: process.env.SECRET_KEY,
  resave: false,
  saveUninitialized: false,
  store: new pgSession({
    pool: db,
    createTableIfMissing: true
  })
}))

PreviousEnv Vars NextLab: Scavenger Hunt Stage 4b

Last updated 1 year ago

Was this helpful?

app.use(session({ secret: process.env.SECRET_KEY, resave: false, // https://expressjs.com/en/resources/middleware/session.html#resave saveUninitialized: false, https://expressjs.com/en/resources/middleware/session.html#saveuninitialized }))

router.get('/new', (req, res) => { if (req.session.user.name === 'cookiemonster') { console.log('User cookiemonster is logged in') } else { console.log('User is not cookie monster') } })

const session = require('express-session') const pgSession = require('connect-pg-simple')(session) const db = require('./database/db') // ... app.use(session({ secret: process.env.SECRET_KEY, resave: false, saveUninitialized: false, store: new pgSession({ pool: db, createTableIfMissing: true }) }))