Express Sessions

express-session middleware

Install

npm i express-session

Require in server.js or app.js

const session = require('express-session')

Use

app.use(session({
  secret: process.env.SECRET_KEY,
  resave: false, // https://expressjs.com/en/resources/middleware/session.html#resave
  saveUninitialized: false, // https://expressjs.com/en/resources/middleware/session.html#saveuninitialized
}))

Save user information on the session object

For each of the routes you create, the req variable will now have a session property which is itself an object. You can assign new properties to this object.

router.get('/', (req, res) => {
  req.session.user = {
    name: 'cookiemonster'
  }
  res.json({ /* ... */ })
})

Retrieve user information saved on the session object

Once you add a property to the session object, you can retrieve it when a user navigates to any other route. Then you can use it to make decisions based on the design of your application. Remember, though, that with the default settings this session will end when the user closes their browser, or you restart your app.

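router.get('/new', (req, res) => {
  // req.session.user is undefined until a route has set it, so use ?. to avoid a TypeError
  if (req.session.user?.name === 'cookiemonster') {
    console.log('User cookiemonster is logged in')
  } else {
    console.log('User is not cookie monster')
  }
  res.end() // send a response so the request does not hang
})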

Destroy the session

You can destroy a session before a user closes their browser window.

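router.delete('/', (req, res) => {
  // destroy() removes the session from the store and unsets req.session
  req.session.destroy((err) => {
    if (err) return res.sendStatus(500)
    console.log('session destroyed')
    res.sendStatus(204)
  })
})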
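
An added example, not part of the original page or of express-session itself: the save, retrieve and destroy steps above written as handlers that issue a new session ID at login, tolerate a missing req.session.user, and clear the cookie on logout. The names login, requireUser, logout, stubReq and stubRes are hypothetical, and the stubs are constructed stand-ins so the handlers can be exercised without a server.

```javascript
// Handlers use only documented express-session calls:
// req.session.regenerate(cb) and req.session.destroy(cb).

// Login: swap to a fresh session ID before storing identity, so an ID set
// in the browser before login is not reused afterwards (session fixation).
function login(req, res, next) {
  const name = req.body.name // assumes credentials were verified upstream
  req.session.regenerate((err) => {
    if (err) return next(err)
    req.session.user = { name }
    res.json({ ok: true })
  })
}

// Guard: reject requests with no session user instead of reading
// req.session.user.name and throwing on undefined.
function requireUser(req, res, next) {
  if (!req.session || !req.session.user) {
    return res.status(401).json({ error: 'not logged in' })
  }
  next()
}

// Logout: delete the server-side record, then expire the browser cookie.
function logout(req, res, next) {
  req.session.destroy((err) => {
    if (err) return next(err)
    res.clearCookie('connect.sid') // express-session's default cookie name
    res.status(204).end()
  })
}

// Constructed stand-ins for req/res so the handlers run without a server.
function stubReq(body) {
  const req = { body }
  const fresh = (id) => ({
    id,
    regenerate(cb) { req.session = fresh(id + 1); cb() },
    destroy(cb) { delete req.session; cb() }
  })
  req.session = fresh(1)
  return req
}
function stubRes() {
  const res = { code: 200, cleared: [] }
  res.status = (c) => { res.code = c; return res }
  res.json = (b) => { res.body = b; return res }
  res.end = () => res
  res.clearCookie = (n) => { res.cleared.push(n); return res }
  return res
}
```

If the session middleware is configured with a custom name option, pass that name to clearCookie instead of connect.sid.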

Session Store

Out of the box, express-session uses MemoryStore to store session data. This is fine for development and small demo apps. But if you need something meant for production use, you can choose from this list.

If your app uses node-postgres, connect-pg-simple is a good choice.

npm i connect-pg-simple

In server.js or app.js

const session = require('express-session')
const pgSession = require('connect-pg-simple')(session)

const db = require('./database/db')

// ...

app.use(session({
  secret: process.env.SECRET_KEY,
  resave: false,
  saveUninitialized: false,
  store: new pgSession({
    pool: db,
    createTableIfMissing: true
  })
}))
