There are two session-related middlewares bundled with Connect/Express. What is the difference? How do I choose?
I'm assuming that session middleware is the same as cookieSession middleware, but with an extra store mechanism.
The session middleware handles all things for us, i.e., creating the session, setting the session cookie and creating the session object in the req object. Whenever we make a request from the same client again, we will have their session information stored with us (given that the server was not restarted).
Session is safer for storing user data because it cannot be modified by the end-user and can only be set on the server-side. Cookies, on the other hand, can be hijacked because they are just stored on the browser.
The session cookie is a server-specific cookie that cannot be passed to any machine other than the one that generated the cookie. The server creates a “session ID” which is a randomly generated number that temporarily stores the session cookie.
The server responds to the client to set a cookie for this particular session. So when a client makes another request to the server, the request header contains a cookie that contains the session ID that has already been created on the server-side.
The session middleware implements generic session functionality with in-memory storage by default. It allows you to specify other storage formats, though.
The cookieSession middleware, on the other hand, implements cookie-backed storage (that is, the entire session is serialized to the cookie, rather than just a session key). It should really only be used when session data is going to stay relatively small.