Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

User Authentication With Express and Mongo

Preview

Start a free Courses trial
to watch this video

Sign up for Treehouse

Working with Sessions in Express

3:28 with Dave McFarland and Jonathan Foster

Learn how to install express-session and add it to your application.

Resources

Installing express-session

npm install express-session

Adding express-session to an app

var session = require('express-session');
app.use(session( {
  secret: 'treehouse loves you',
  resave: true,
  saveUninitialized: false
}));

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

    Related Discussions

    Have questions about this video? Start a discussion with the community and Treehouse staff.

    Sign up

    Now that you understand how sessions and cookies work, let's add sessions and 0:00
    cookies to our express application using the express session module. 0:04
    This is a package created by the express programming team. 0:09
    It gives us middleware to handle session logic in an express application. 0:12
    In other words, it saves us from having to do a lot of programming. 0:16
    Let me show you how it works. 0:20
    First, in the terminal or console, I'll switch to my project directory, 0:23
    And install expression session by typing npm 0:29
    install express-session --save. 0:34
    Now I'll return to my text editor and open up the app.js file. 0:41
    In order to use express session, we have to include it, 0:47
    And then tell our application to use the middleware it provides. 1:00
    I'll use app.use and then I pass session. 1:07
    Now the session function takes a few parameters. 1:11
    The only required option is secret, 1:18
    which is a string that is used to sign the session ID cookie. 1:20
    The secret adds another level of security to our system. 1:24
    The resave option forces the session to be saved in the session store, 1:28
    whether anything changed during the request or not. 1:32
    And saveUninitialized forces an uninitialized session 1:35
    to be saved in the session store. 1:39
    An uninitialized session is a new and not yet modified session, 1:41
    and we don't want to save it, so I set it to false. 1:45
    You can learn more about these settings by looking over the readme for 1:48
    express session, which I linked to in the teacher's notes. 1:51
    Believe it or not, that's all we need to get sessions working in express. 1:54
    You can use sessions all of the time, even for 1:58
    visitors who haven't signed up as members of your site. 2:01
    This is useful for tracking how anonymous users visit your site, 2:04
    which pages they visit how long they stay on the site and so on. 2:08
    Google Analytics, for example, uses sessions to collect website usage data. 2:12
    There's one setting for the session object that we're not using yet. 2:17
    That's the session store setting, 2:20
    which tells express where to save session information. 2:22
    By default, express stores all session data in the server's memory. 2:26
    This is really only suitable for local development, it's fast and easy to use. 2:30
    But if you had millions of users visiting your site, storing all that session data 2:34
    in the server's RAM would quickly overrun the server and crash the site. 2:38
    In production, you'll use some kind of database to store session information. 2:43
    There are numerous options for 2:47
    a session store, I've linked to a few in the teacher's notes. 2:48
    For now, we'll stick with this default because it's fast and easy to use. 2:52
    But in the next section of this course, 2:56
    I'll show you how to add a real session store using MongoDB. 2:58
    At this point we've added the programming needed to use sessions, but 3:03
    we haven't yet added the programming to create a session. 3:06
    We'll only create sessions for logged in users. 3:09
    So we'll add that to the route whenever a user logs in and is authenticated. 3:12
    I'll show you how to create sessions in just a bit. 3:17
    But one thing to keep in mind is that once you create a session, 3:20
    you can access it in the request object in any route. 3:23
    So let's create some routes. 3:27

    You need to sign up for Treehouse in order to download course files.

    Sign up

      You need to sign up for Treehouse in order to set up Workspace

      Sign up