We have two types of Users, Admin and general Users.
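    passport.serializeUser(function(user, done) {
        console.log('Sear');
        // Store only the user id in the session
        done(null, user.id);
    });
    passport.deserializeUser(function(id, done) {
        console.log(id);
        console.log("Deser");
        // Look the id up among general users first, then among vendor users
        User.findById(id, function(err, user) {
            // Return here so done() is not called a second time below
            if (err) return done(err);
            if (user) {
                done(null, user);
            } else {
                vendorUser.findById(id, function(err, user) {
                    if (err) return done(err);
                    done(null, user);
                });
            }
        });
    });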
Console.log gets outputted frequently (even on a single API request) with the text "Deser".
What do both the functions exactly do? A detailed answer is appreciated. TIA.
Basically, we are just storing the user-id in the session using serializer and when we need the user model instance, we use that user-id to search in the database which is done using deserializer.
Serialization is the process of converting a data object—a combination of code and data represented within a region of data storage—into a series of bytes that saves the state of the object in an easily transmittable form.
serializeUser is the method that is called on the login request (during the authentication), and if login is successful then it decides what user information should get stored in the session, and a cookie is sent to the browser for the same to maintain the session.
    // Only during the authentication to specify what user information should be stored in the session.
    passport.serializeUser(function (user, done) {
        console.log("Serializer : ", user);
        done(null, user.id);
    });
The above snippet will save the user.id field to the session and cookie.
deserializeUser is the method that is called on all subsequent requests and is called by the passport.session middleware. It enables us to load additional user information on every request. This user object is attached to the request as req.user, making it accessible in our request handling.
Here is the article that explains its flow very well
Serialization and deserialization are important concepts. To serialize an object means to convert its state to a byte stream in such a way that the byte stream can be reverted back into a copy of the object.
In a typical web application, the credentials used to authenticate a user will only be transmitted during the login request. If authentication succeeds, a session will be established and maintained via a cookie set in the user's browser.
Each subsequent request will not contain credentials, but rather the unique cookie that identifies the session. In order to support login sessions, Passport will serialize and deserialize user instances to and from the session.
In the code that you have written, only the user ID is serialized to the session. When subsequent requests are received, this ID is used to find the user, which will be restored to req.user.
In order to give developers freedom to use whichever database they want, whatever data they want to serialize, they can do it in their own way, the serialization and deserialization logic is left to us to implement.
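Added example, not part of the original question or answers: the question's deserializeUser falls back from User to vendorUser on the same id, so the session never records which kind of account logged in. The sketch below stores the account kind next to the id and contrasts it with the fallback lookup. The in-memory stores, findById, run and the sample records are constructed stand-ins for the real models, and it assumes the two collections can hold the same id value.

```javascript
// Constructed in-memory stand-ins for the question's User and vendorUser models.
// Assumption for illustration: both collections can contain the same id value.
const stores = {
  user: new Map([['1', { id: '1', name: 'alice', kind: 'user' }]]),
  vendor: new Map([['1', { id: '1', name: 'acme-admin', kind: 'vendor' }]]),
};

// Hypothetical helper mirroring the callback shape of Model.findById(id, cb).
function findById(kind, id, cb) {
  cb(null, stores[kind].get(id) || null);
}

// Fallback lookup as in the question: try User first, then vendorUser.
function deserializeByFallback(id, done) {
  findById('user', id, function (err, user) {
    if (err) return done(err);
    if (user) return done(null, user);
    findById('vendor', id, done);
  });
}

// Tagged variant: the session stores which collection the id belongs to.
function serializeUser(user, done) {
  done(null, { id: user.id, kind: user.kind });
}

function deserializeUser(key, done) {
  const known = key && typeof key.id === 'string' &&
    Object.prototype.hasOwnProperty.call(stores, key.kind);
  if (!known) return done(null, false); // malformed key: no req.user
  findById(key.kind, key.id, function (err, user) {
    if (err) return done(err);
    done(null, user || false); // account deleted since login: no req.user
  });
}

// Runs a callback-style function synchronously and returns what it passed to done().
function run(fn, arg) {
  let out;
  fn(arg, function (err, value) { out = err || value; });
  return out;
}

// With passport these would be registered as
// passport.serializeUser(serializeUser) and passport.deserializeUser(deserializeUser).
const vendor = stores.vendor.get('1');
console.log(run(deserializeByFallback, '1').name);                  // alice
console.log(run(deserializeUser, run(serializeUser, vendor)).name); // acme-admin
```

Passing false instead of a user to done() in deserializeUser makes Passport treat the request as unauthenticated rather than raising an error.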