You have completed User Authentication With Express and Mongo!
Learn how to install express-session and add it to your application.
Resources
Installing express-session
npm install express-session
Adding express-session to an app
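var session = require('express-session');

// Register the session middleware before any routes that read req.session.
app.use(session({
  secret: 'treehouse loves you', // string used to sign the session ID cookie
  resave: true,                  // save the session to the store on every request
  saveUninitialized: false       // do not store new, unmodified sessions
}));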
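Added example (not part of the course files and not express-session's own code): a sketch of what "signing the session ID cookie" with the secret means, assuming an HMAC-SHA256 signature appended to the ID after a dot. The function names, the sample session ID and the rotation helper are illustrative assumptions.

```javascript
const crypto = require('crypto');

// Sign a session ID: "<id>.<base64 HMAC-SHA256 of id, padding stripped>".
function sign(sessionId, secret) {
  const mac = crypto.createHmac('sha256', secret)
    .update(sessionId).digest('base64').replace(/=+$/, '');
  return sessionId + '.' + mac;
}

// Return the session ID if the signature verifies, otherwise false.
function unsign(signedValue, secret) {
  const idx = signedValue.lastIndexOf('.');
  if (idx === -1) return false;
  const sessionId = signedValue.slice(0, idx);
  const expected = Buffer.from(sign(sessionId, secret));
  const actual = Buffer.from(signedValue);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (expected.length !== actual.length) return false;
  return crypto.timingSafeEqual(expected, actual) ? sessionId : false;
}

// Rotation: sign new cookies with secrets[0], but keep accepting cookies
// signed with older secrets until they expire.
function unsignWithRotation(signedValue, secrets) {
  for (const secret of secrets) {
    const id = unsign(signedValue, secret);
    if (id !== false) return id;
  }
  return false;
}

// Constructed sample values for the demonstration.
const currentSecret = crypto.randomBytes(32).toString('hex'); // random, not hardcoded
const previousSecret = 'treehouse loves you'; // the demo secret from the notes above
const sessionId = 'constructed-session-id-0001';

function demo() {
  const cookie = sign(sessionId, currentSecret);
  const oldCookie = sign(sessionId, previousSecret);
  const tampered = cookie.replace('0001', '0002'); // client edits the ID
  return {
    valid: unsign(cookie, currentSecret),
    tampered: unsign(tampered, currentSecret),
    wrongSecret: unsign(oldCookie, currentSecret),
    rotated: unsignWithRotation(oldCookie, [currentSecret, previousSecret]),
  };
}

console.log(demo());
```

The signature only proves the cookie was issued by someone holding the secret, so a secret committed to source control gives that ability to anyone who can read the repository.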
Now that you understand how sessions and
cookies work, let's add sessions and
0:00
cookies to our express application
using the express session module.
0:04
This is a package created by
the express programming team.
0:09
It gives us middleware to handle session
logic in an express application.
0:12
In other words, it saves us from
having to do a lot of programming.
0:16
Let me show you how it works.
0:20
First, in the terminal or console,
I'll switch to my project directory,
0:23
and install express
session by typing npm
0:29
install express-session --save.
0:34
Now I'll return to my text editor and
open up the app.js file.
0:41
In order to use express session,
we have to include it,
0:47
and then tell our application to
use the middleware it provides.
1:00
I'll use app.use and then I pass session.
1:07
Now the session function
takes a few parameters.
1:11
The only required option is secret,
1:18
which is a string that is used
to sign the session ID cookie.
1:20
The secret adds another level
of security to our system.
1:24
The resave option forces the session
to be saved in the session store,
1:28
whether anything changed
during the request or not.
1:32
And saveUninitialized forces
an uninitialized session
1:35
to be saved in the session store.
1:39
An uninitialized session is a new and
not yet modified session,
1:41
and we don't want to save it,
so I set it to false.
1:45
You can learn more about these settings
by looking over the readme for
1:48
express session,
which I linked to in the teacher's notes.
1:51
Believe it or not, that's all we need
to get sessions working in express.
1:54
You can use sessions all of the time,
even for
1:58
visitors who haven't signed
up as members of your site.
2:01
This is useful for tracking how
anonymous users visit your site,
2:04
which pages they visit, how long
they stay on the site and so on.
2:08
Google Analytics, for example, uses
sessions to collect website usage data.
2:12
There's one setting for the session
object that we're not using yet.
2:17
That's the session store setting,
2:20
which tells express where to
save session information.
2:22
By default, express stores all
session data in the server's memory.
2:26
This is really only suitable for local
development, it's fast and easy to use.
2:30
But if you had millions of users visiting
your site, storing all that session data
2:34
in the server's RAM would quickly
overrun the server and crash the site.
2:38
In production, you'll use some kind of
database to store session information.
2:43
There are numerous options for
2:47
a session store, I've linked to
a few in the teacher's notes.
2:48
For now, we'll stick with this default
because it's fast and easy to use.
2:52
But in the next section of this course,
2:56
I'll show you how to add a real
session store using MongoDB.
2:58
At this point we've added the programming
needed to use sessions, but
3:03
we haven't yet
added the programming to create a session.
3:06
We'll only create sessions for
logged in users.
3:09
So we'll add that to the route whenever
a user logs in and is authenticated.
3:12
I'll show you how to create
sessions in just a bit.
3:17
But one thing to keep in mind is
that once you create a session,
3:20
you can access it in the request
object in any route.
3:23
So let's create some routes.
3:27