Menu
I have a simple nodejs/express application. To save user authentication I use:
req.session.auth = user;
but this I've found regenerate method:
req.session.regenerate(function (err) {
req.session.auth = user;
});
My question is: should I use regenerate method or just req.session.auth = user;
744
If you just do req. session. auth = user , then you will save the auth to the session. However, if you use regenerate , you will actually be clearing the entire session and then saving the auth. The difference is that with the first approach, any other session variables in the current session will persist.
Here, since sess is global, the session won't work for multiple users as the server will create the same session for all the users. This can be solved by using what is called a session store. We have to store every session in the store so that each one will belong to only a single user.
resave : It basically means that for every request to the server, it reset the session cookie. Even if the request was from the same user or browser and the session was never modified during the request.
To store confidential session data, we can use the express-session package. It stores the session data on the server and gives the client a session ID to access the session data.
I would lean toward the req.session.regenerate, but it depends on what you're trying to do. If you just do req.session.auth = user, then you will save the auth to the session. However, if you use regenerate, you will actually be clearing the entire session and then saving the auth.
The difference is that with the first approach, any other session variables in the current session will persist. It's up to you to figure out if that makes sense for your site, or if you would rather have the session be clean once authentication is complete.
133
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
