Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the difference between a session store and database

I've been trying to implement authentication and session management in a node.js application using socket.io.

And from almost all the resources I found, I came across the term "session store".

There are open source tools that handles sessions for us, but we have to provide them with a session store.

Some tools has built in storage for sessions in memory, for example the module express-session comes with a default in memory session store, but also this warning:

Warning The default server-side session storage, MemoryStore, is purposely not designed for a production environment. It will leak memory under most conditions, does not scale past a single process, and is meant for debugging and developing.

So I searched for the available stable session stores and it turns out that most of the names are databases that I've heard of.

For example, here's a list of session stores and another one at GitHub that I've came across.

The names include MongoDB, MySQL, SQLite, cassandra, firebase etc, hence the confusion.

So the question is, are session stores and database the same..? (I can think of it like - when we're using the database for storing session details we call it session store but it's in fact a database)

If not, how do they differ..?

like image 540
T J Avatar asked Nov 24 '15 15:11

T J


People also ask

What is session store database?

Session storage is a popular choice when it comes to storing data on a browser. It enables developers to save and retrieve different values. Unlike local storage, session storage only keeps data for a particular session. The data is cleared once the user closes the browser window.

Is session a database?

A session represents the connection between an application and the relational database that stores its persistent objects. TopLink provides several different session objects that all implement the same Session interface.

Should you store sessions in database?

An easy way to make sure that sessions continue to work properly is to store sessions in a central database that is common to all servers. The application needs to be able to run on a shared host, where there are significant security concerns associated with storing session data in the filesystem.

Is session ID stored in DB?

A session ID is stored in a cookie. If a hacker can steal that ID, he can pretend to be someone else, because a session is identified by... it's ID. By saving a user's session ID, IP and agent server-side (your database for example) you can compare the data saved in the database with the client.


2 Answers

Session store is a place where session data is being stored on server. On web its usually being identified by a cookie stored in clients browser. So it allows your app to identify user and keep him logged in for example.

Session can either be memory, some database, simple files, or any other place you can come up with to store session data.

If you project uses some database, you can configure your session store to use the same database, to avoid having another database on server just for the purpose of session store.

Differences between different session stores:

  • Memory session store is going to be reset on every app re-lauch. Also its fastest.
  • Database session store, is going to be safe with app re-lauch. And at some point you will have alot of session objects which you might want to clean up. And same session stored in database can be even accessed from different apps.
like image 100
ulikus Avatar answered Oct 09 '22 13:10

ulikus


Session store is a method of storing information about user as a session with unique identifier. It could be stored in memory or in database. Socket.io can utilize the same session (id) being used in express app by socket-express-session package, if I am not mistaken.

You can then use session information to grant/restrict access, for example.

like image 36
kaytrance Avatar answered Oct 09 '22 15:10

kaytrance