DEV Community

Cover image for Session Management In Node JS
AKINTOLA STEPHEN IYANU
AKINTOLA STEPHEN IYANU

Posted on

Session Management In Node JS

To explain session management in Node.js in simpler terms, imagine you're visiting a website and logging in.

The website needs a way to remember who you are while you're browsing different pages, right? That's where sessions come in! Sessions help the website keep track of you, storing your information temporarily so it can recognize you, even after you move from one page to another.

What is Session Management?

Session management is like a system that keeps track of a user's interactions with a website. Think of it as a "memory" for the website, helping it remember you while you're logged in. Every time you visit the site, it starts a "session," and the site remembers things about you, like your name or your preferences. This session ends when you log out.

Setting up Session Management in Node.js

To manage sessions in a Node.js app, you need something called middleware—a helper that sits between the user and the server to process the requests. One of the most popular options for managing sessions in Node.js is express-session.

Here's how you can get started:

  1. Install the express-session package by running:
   npm install express-session
Enter fullscreen mode Exit fullscreen mode
  1. Set up the session middleware in your app. This is how you do it:
   const express = require('express');
   const session = require('express-session');

   const app = express();

   app.use(session({
     secret: 'secret-key',
     resave: false,
     saveUninitialized: false,
   }));
Enter fullscreen mode Exit fullscreen mode

How Sessions Work

When a user logs in, a unique session is created just for them. This session data is stored on the server, while a small piece of information, called a session ID, is saved in the user's browser. Every time the user makes a request (like visiting a new page), the session ID is sent back to the server to retrieve the user's session.

Here's an example of how this looks in code:

app.post('/login', (req, res) => {
  const { username, password } = req.body;

  if (isValidUser(username, password)) {
    // If the user is valid, store info in the session
    req.session.isLoggedIn = true;
    req.session.username = username;

    res.status(200).json({ msg: `Redirecting to dashboard page...`});
  } else {
    res.status(400).json({ msg: `User credentials not not valid`});
  }
});
Enter fullscreen mode Exit fullscreen mode

In this example, once the user logs in, the session stores their isLoggedIn status and username.

Session Expiration

Sessions don’t last forever. After a while, the session should expire for security reasons. You can control how long a session lasts by setting an expiration time. Here’s how you can make a session expire after 1 minute:

app.use(session({
  secret: 'secret-key',
  resave: false,
  saveUninitialized: false,
  cookie: { maxAge: 60000 }  // Session expires after 60 seconds
}));
Enter fullscreen mode Exit fullscreen mode

Logging Out and Destroying the Session

When a user logs out, you want to destroy their session so the website no longer remembers them. Here’s how you can do that:

app.get('/logout', (req, res) => {
  req.session.destroy((err) => {
    if (err) {
      console.log(err);
    } else {
      res.status(200).json({ msg: `Successfully logged out...`});
    }
  });
});
Enter fullscreen mode Exit fullscreen mode

Retrieving Session Data

If you want to use the session information, like displaying the username on a dashboard, you can easily retrieve it like this:

app.get('/dashboard', (req, res) => {
  const isLoggedIn = req.session.isLoggedIn;
  const username = req.session.username;

  if (isLoggedIn) {
    res.status(200).json({ msg:`Successfully logged in`, data: username }});
  } else {
    res.status(400).json({ msg: `Log in not successful` data: username ? username: ""});
  }
});
Enter fullscreen mode Exit fullscreen mode

Keeping Sessions Secure

Lastly, it’s important to keep session data safe. You can do this by:

  • Using secure cookies (cookies that are only sent over HTTPS).
  • Encrypting session data.
  • Always using strong secret keys.

Summary

In simple terms, sessions help websites remember who you are while you’re logged in. In a Node.js app, we use middleware like express-session to manage these sessions, store user data, set expiration times, and secure the session information. This ensures that the site is efficient and secure for users while managing their sessions.

Top comments (1)

Collapse
 
swendy profile image
Swendy

Thank you sir for the clarification