Learn how to install express-session and add it to your application.
Now that you understand how sessions and cookies work, let's add sessions and 0:00 cookies to our express application using the express session module. 0:04 This is a package created by the express programming team. 0:09 It gives us middleware to handle session logic in an express application. 0:12 In other words, it saves us from having to do a lot of programming. 0:16 Let me show you how it works. 0:20 First, in the terminal or console, I'll switch to my project directory, 0:23 And install expression session by typing npm 0:29 install express-session --save. 0:34 Now I'll return to my text editor and open up the app.js file. 0:41 In order to use express session, we have to include it, 0:47 And then tell our application to use the middleware it provides. 1:00 I'll use app.use and then I pass session. 1:07 Now the session function takes a few parameters. 1:11 The only required option is secret, 1:18 which is a string that is used to sign the session ID cookie. 1:20 The secret adds another level of security to our system. 1:24 The resave option forces the session to be saved in the session store, 1:28 whether anything changed during the request or not. 1:32 And saveUninitialized forces an uninitialized session 1:35 to be saved in the session store. 1:39 An uninitialized session is a new and not yet modified session, 1:41 and we don't want to save it, so I set it to false. 1:45 You can learn more about these settings by looking over the readme for 1:48 express session, which I linked to in the teacher's notes. 1:51 Believe it or not, that's all we need to get sessions working in express. 1:54 You can use sessions all of the time, even for 1:58 visitors who haven't signed up as members of your site. 2:01 This is useful for tracking how anonymous users visit your site, 2:04 which pages they visit how long they stay on the site and so on. 2:08 Google Analytics, for example, uses sessions to collect website usage data. 2:12 There's one setting for the session object that we're not using yet. 2:17 That's the session store setting, 2:20 which tells express where to save session information. 2:22 By default, express stores all session data in the server's memory. 2:26 This is really only suitable for local development, it's fast and easy to use. 2:30 But if you had millions of users visiting your site, storing all that session data 2:34 in the server's RAM would quickly overrun the server and crash the site. 2:38 In production, you'll use some kind of database to store session information. 2:43 There are numerous options for 2:47 a session store, I've linked to a few in the teacher's notes. 2:48 For now, we'll stick with this default because it's fast and easy to use. 2:52 But in the next section of this course, 2:56 I'll show you how to add a real session store using MongoDB. 2:58 At this point we've added the programming needed to use sessions, but 3:03 we haven't yet added the programming to create a session. 3:06 We'll only create sessions for logged in users. 3:09 So we'll add that to the route whenever a user logs in and is authenticated. 3:12 I'll show you how to create sessions in just a bit. 3:17 But one thing to keep in mind is that once you create a session, 3:20 you can access it in the request object in any route. 3:23 So let's create some routes. 3:27
You need to sign up for Treehouse in order to download course files.Sign up