nodejs/express. regenerate session

I have a simple nodejs/express application. To save user authentication I use:

req.session.auth = user;

but I've found this regenerate method:

req.session.regenerate(function (err) {
   req.session.auth = user;
});

My question is: should I use the regenerate method or just req.session.auth = user?

Erik asked Feb 02 '12 18:02



1 Answer

I would lean toward the req.session.regenerate, but it depends on what you're trying to do. If you just do req.session.auth = user, then you will save the auth to the session. However, if you use regenerate, you will actually be clearing the entire session and then saving the auth.

The difference is that with the first approach, any other session variables in the current session will persist. It's up to you to figure out if that makes sense for your site, or if you would rather have the session be clean once authentication is complete.

Rohan Singh answered Sep 28 '22 20:09
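The trade-off described in the answer, as an added example that is not part of the original question or answer: a login helper that calls `regenerate` (which drops the pre-login data and issues a new session ID, the usual defence against session fixation) and then copies back only the keys it was told to keep. `makeReq`, `establishLogin`, `demo` and the sample data are hypothetical; `makeReq` is a small stand-in for express-session's `req.session` so the block runs without Express.

```javascript
// Stand-in for express-session's req.session, constructed so this runs without
// Express. Like the real regenerate(), it replaces req.session with a fresh,
// empty session under a new ID. (Real IDs are random; a counter is used here.)
let nextId = 0;
function makeReq(initialData) {
  const req = {};
  const fresh = (data) => ({
    id: 'sid-' + (++nextId),
    ...data,
    regenerate(cb) { req.session = fresh({}); cb(null); },
  });
  req.session = fresh(initialData);
  return req;
}

// Hypothetical helper, called after the credentials have been verified.
// carryOver names the pre-login keys worth keeping; everything else is dropped.
function establishLogin(req, user, carryOver, done) {
  const kept = {};
  for (const key of carryOver) {
    if (key in req.session) kept[key] = req.session[key];
  }
  req.session.regenerate(function (err) {
    if (err) return done(err);         // no auth on a session that failed to rotate
    Object.assign(req.session, kept);  // req.session is now the new session
    req.session.auth = user;
    done(null);
  });
}

// Constructed sample: an anonymous session with a cart and a leftover value.
function demo() {
  const req = makeReq({ cart: ['sku-1'], returnTo: '/account' });
  const oldId = req.session.id;
  let error;
  establishLogin(req, { name: 'erik' }, ['cart'], (err) => { error = err; });
  return { oldId, newId: req.session.id, session: req.session, error };
}

console.log(demo());
```

With the real middleware the callback may run asynchronously, so send the response from inside `done` rather than after the call.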