# Express Sessions

#### express-session middleware

Install

```bash
npm i express-session
```

Require in `server.js` or `app.js`

```javascript
const session = require('express-session')
```

Use

```javascript
app.use(session({
  secret: process.env.SECRET_KEY,
  resave: false, // https://expressjs.com/en/resources/middleware/session.html#resave
  saveUninitialized: false, // https://expressjs.com/en/resources/middleware/session.html#saveuninitialized
}))
```

#### Save user information on the session object

For each of the routes you create, the `req` variable will now have a `session` property which is itself an object. You can assign new properties to this object.

```javascript
router.get('/', (req, res) => {
  req.session.user = {
    name: 'cookiemonster'
  }
  res.json({ /* ... */ })
})
```

#### Retrieve user information saved on the session object

Once you add a property to the session object, you can retrieve it when the user navigates to any other route, and use it to make decisions based on the design of your application. Remember, though: with the setup above, the session ends when the user closes their browser or when you restart your app.

```javascript
router.get('/new', (req, res) => {
  // Optional chaining: req.session.user is undefined until it has been set
  if (req.session.user?.name === 'cookiemonster') {
    console.log('User cookiemonster is logged in')
  } else {
    console.log('User is not cookie monster')
  }
})
```

#### Destroy the session

You can destroy a session before a user closes their browser window.

```javascript
router.delete('/', (req, res) => {
  req.session.destroy(() => {
    console.log('session destroyed')
  })
})
```
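
The save, retrieve and destroy steps above, combined into three handlers that a real login flow would need. This is an added example, not code from the original page: the handler names, the hard-coded user and the status codes are assumptions, while `req.session.regenerate`, `req.session.destroy`, `res.clearCookie` and the default cookie name `connect.sid` are the express-session and Express APIs.

```javascript
// Added example: handlers written against the express-session API
// (req.session.regenerate / destroy) and Express's res.clearCookie.
// Handler names, the sample user and the status codes are assumptions.

// Guard for routes that read req.session.user: a request without a
// logged-in session gets 401 instead of a TypeError on `user.name`.
function requireUser(req, res, next) {
  if (!req.session || !req.session.user) {
    return res.status(401).json({ error: 'not logged in' })
  }
  next()
}

// Login: issue a fresh session ID before storing the user, so an ID that
// was known before authentication is not carried into the logged-in session.
function login(req, res, next) {
  req.session.regenerate((err) => {
    if (err) return next(err)
    req.session.user = { name: 'cookiemonster' } // constructed sample user
    res.json({ loggedIn: true })
  })
}

// Logout: remove the server-side session, then tell the browser to drop
// the cookie ('connect.sid' is express-session's default cookie name).
function logout(req, res, next) {
  req.session.destroy((err) => {
    if (err) return next(err)
    res.clearCookie('connect.sid')
    res.sendStatus(204)
  })
}

// Wiring (assumes the `router` used in the sections above):
//   router.post('/login', login)
//   router.get('/new', requireUser, (req, res) => res.json(req.session.user))
//   router.delete('/', logout)
```

If you set a custom `name` in the `session()` options, pass that name to `res.clearCookie` instead of `connect.sid`.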

#### Session Store

Out of the box, express-session uses `MemoryStore` to store session data. This is fine for development and small demo apps, but if you need something meant for production use, you can choose from [this list](https://expressjs.com/en/resources/middleware/session.html#compatible-session-stores).

If your app uses node-postgres, [connect-pg-simple](https://www.npmjs.com/package/connect-pg-simple) is a good choice.

```bash
npm i connect-pg-simple
```

In `server.js` or `app.js`

```javascript
const session = require('express-session')
const pgSession = require('connect-pg-simple')(session)

const db = require('./database/db')

// ...

app.use(session({
  secret: process.env.SECRET_KEY,
  resave: false,
  saveUninitialized: false,
  store: new pgSession({
    pool: db,
    createTableIfMissing: true
  })
}))
```
