Express session vs. PassportJS session

Do Express session and Passport session conflict in an Express app? Why or why not?

Here is some code that distinguishes Express and Passport session objects:

    app.use(express.session({}));
    app.use(passport.session());

    app.use(session({
        cookie : {
            maxAge : 60000
        }
    }));
Alexander Mills asked Nov 19 '14 05:11



1 Answer

No, they are two separate things and they do not conflict with each other. Moreover, passport.session has to be used after express.session in order to work properly.

express.session middleware is used to retrieve user session from a datastore (like Redis). We can find the session object because the session Id is stored in the cookie, which is provided to the server with every request.

Then, the purpose of the passport.session middleware is to deserialize the user object from the session using the passport.deserializeUser function (that you define in your passport configuration). When the user first authenticates, the user object is serialized and stored in the session. On each following request, the middleware deserializes the user and populates the req.user object.

Check the Passport Configure Guide and this SO answer: What does passport.session() middleware do? for more information.

lukaszfiszer answered Sep 27 '22 23:09
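
The ordering requirement described in the answer, as an added example that is not part of the original answer and is not the real express-session or Passport code: simplified stand-ins for both middlewares are run in the right and the wrong order. All names here (`sessionMiddleware`, `passportSession`, `store`, the `sid` cookie, the user table) are assumptions made for illustration.

```javascript
// Simplified stand-ins, NOT the real express-session / Passport implementations.
const store = new Map();                                   // server-side store: session ID -> data
const users = new Map([[42, { id: 42, name: "alice" }]]);  // constructed user table

// Stand-in for the session middleware: the cookie carries only the session ID,
// the session data itself is looked up on the server.
function sessionMiddleware(req, res, next) {
  req.session = store.get(req.cookies.sid) ?? {};
  next();
}

// Stand-in for passport.session(): turn the serialized key kept in the
// session into a full user object on req.user.
function passportSession(deserializeUser) {
  return (req, res, next) => {
    const key = req.session?.passport?.user;
    if (key === undefined) return next();        // no session loaded, or not logged in
    deserializeUser(key, (err, user) => {
      if (err) return next(err);
      if (user) req.user = user;                 // unknown key: stay unauthenticated
      next();
    });
  };
}

// Minimal middleware runner, standing in for app.use() ordering.
function run(chain, req) {
  let i = 0;
  const next = (err) => {
    if (err) throw err;
    const mw = chain[i++];
    if (mw) mw(req, {}, next);
  };
  next();
  return req;
}

function demo() {
  // What serializeUser persisted at login: only the user id, keyed by session ID.
  store.set("s1", { passport: { user: 42 } });
  const deserialize = (id, done) => done(null, users.get(id) || false);
  const withCookie = () => ({ cookies: { sid: "s1" } });
  return {
    right: run([sessionMiddleware, passportSession(deserialize)], withCookie()).user,
    wrong: run([passportSession(deserialize), sessionMiddleware], withCookie()).user,
    anon: run([sessionMiddleware, passportSession(deserialize)], { cookies: {} }).user,
  };
}

console.log(demo());
```

In the wrong order the stand-in leaves `req.user` unset, so a logged-in user is treated as anonymous by any later authorization check; how the real Passport reacts to a missing `req.session` depends on its version.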