1
00:00:00,510 --> 00:00:04,070
When a user logs in we store their user ID in a session, and

2
00:00:04,070 --> 00:00:07,010
retrieve it when we want to see who's logged in.

3
00:00:07,010 --> 00:00:10,220
Our authentication system relies on sessions.

4
00:00:10,220 --> 00:00:15,260
However, our basic system stores the session data in the server's memory.

5
00:00:15,260 --> 00:00:17,300
Server RAM is a limited resource and

6
00:00:17,300 --> 00:00:20,368
it can quickly fill up if a lot of folks sign up and log in.

7
00:00:20,368 --> 00:00:24,650
Too many logins and the server will slow down and eventually crash.

8
00:00:26,080 --> 00:00:29,530
For a production server you should use a more scalable solution.

9
00:00:29,530 --> 00:00:31,570
There are many sessions storage options for

10
00:00:31,570 --> 00:00:36,310
Express including ones that use fast databases like Redis and Mongo.

11
00:00:36,310 --> 00:00:38,840
Since we're already using Mongo in this course,

12
00:00:38,840 --> 00:00:42,160
let's use Mongo DB to store session data.

13
00:00:42,160 --> 00:00:45,220
Fortunately for us, someone's already written a middleware module

14
00:00:45,220 --> 00:00:50,230
called Connect Mongo which makes it very simple to add a Mongo session store.

15
00:00:50,230 --> 00:00:51,390
Let me show you how it works.

16
00:00:52,670 --> 00:00:56,240
First, I need to install the connect Mongo module.

17
00:00:56,240 --> 00:00:57,395
I'll open up the terminal.

18
00:00:57,395 --> 00:01:00,190
And, make sure I'm in the project's root directory.

19
00:01:00,190 --> 00:01:05,423
And then, I'll run NPM install connect dash

20
00:01:05,423 --> 00:01:10,660
Mongo dash dash save to download the module and include it in our project.

21
00:01:11,940 --> 00:01:15,052
Then, in my text editor, I'll open app dot JS.

22
00:01:16,743 --> 00:01:19,164
To use the module I'll have to require it.

23
00:01:20,727 --> 00:01:24,430
I'll add this line after the line that loads our session module.

24
00:01:26,540 --> 00:01:29,280
You'll notice that I'm not only loading this module, but

25
00:01:29,280 --> 00:01:33,980
I'm also calling it passing our express session as an argument.

26
00:01:33,980 --> 00:01:37,980
This lets the connect Mongo middleware access the sessions.

27
00:01:37,980 --> 00:01:41,752
Now, let's find the middleware where we configure the session.

28
00:01:44,000 --> 00:01:46,340
I'm going to add a new key called store.

29
00:01:49,337 --> 00:01:53,310
And, in it I'll store a new instance of Mongo store.

30
00:01:53,310 --> 00:01:56,900
The session constructor function takes a configuration object, and

31
00:01:56,900 --> 00:02:01,050
all we need to do is set Mongoose connection to DB.

32
00:02:01,050 --> 00:02:03,386
If you look at the code to connect to Mongo DB.

33
00:02:05,649 --> 00:02:08,347
You'll see a line where we set a variable, DB,

34
00:02:08,347 --> 00:02:14,000
to the Mongoose connection, after we've connected to the local Mongo DB instance.

35
00:02:14,000 --> 00:02:17,990
Now, I just noticed that our DB connection is defined down here

36
00:02:17,990 --> 00:02:19,985
after we use it in our session.

37
00:02:19,985 --> 00:02:23,400
That'll cause an error since DB isn't yet defined.

38
00:02:23,400 --> 00:02:28,050
So, I'll go up here and cut our session code.

39
00:02:28,050 --> 00:02:31,170
And then,

40
00:02:31,170 --> 00:02:35,910
just paste it in here after the Mongo DB connection.

41
00:02:35,910 --> 00:02:38,260
Believe it or not, that's all there is to it.

42
00:02:38,260 --> 00:02:42,900
Passing the same Mongoose connection is all it takes to start using Mongo DB

43
00:02:42,900 --> 00:02:44,610
as a session store.

44
00:02:44,610 --> 00:02:49,730
Now, our application stores session data in Mongo instead of in RAM.

45
00:02:49,730 --> 00:02:51,660
To prove it let's use the application and

46
00:02:51,660 --> 00:02:54,850
see that a new collection is added to our database.

47
00:02:54,850 --> 00:02:58,950
But, first let's look at the collections we currently have in our database.

48
00:02:58,950 --> 00:03:02,080
I'll switch to the terminal and open a new tab.

49
00:03:02,080 --> 00:03:04,990
I'll open the Mongo shell by typing Mongo.

50
00:03:05,990 --> 00:03:09,650
Now, if you're on Windows you'll need to run the Mongo executable.

51
00:03:09,650 --> 00:03:12,240
And, if you get an error you might not have Mongo running, so

52
00:03:12,240 --> 00:03:14,330
make sure you've got it started.

53
00:03:14,330 --> 00:03:19,320
In this shell you can see all your Mongo databases by typing show dbs.

54
00:03:20,790 --> 00:03:22,000
There's the bookworm database.

55
00:03:22,000 --> 00:03:22,950
But what's in it?

56
00:03:22,950 --> 00:03:26,290
To see the collections in the database we need to select it.

57
00:03:26,290 --> 00:03:27,909
Use bookworm.

58
00:03:29,770 --> 00:03:33,560
Then we show the collections by typing show collections.

59
00:03:35,340 --> 00:03:39,690
There is the system dot indexes, that's some internal collection used by Mongo.

60
00:03:39,690 --> 00:03:42,860
And, there is our users collection that holds user data.

61
00:03:42,860 --> 00:03:47,495
I'll switch to another tab, and start up our application by typing Nodemon.

62
00:03:49,960 --> 00:03:54,021
Now, if I log in to the site, a new collection is created, and

63
00:03:54,021 --> 00:03:56,610
my session is stored in it.

64
00:03:56,610 --> 00:03:59,480
Let's go back to the terminal and the Mongo shell.

65
00:03:59,480 --> 00:04:00,790
I'll type show collections again,

66
00:04:00,790 --> 00:04:04,100
and you'll see there's a new collection called sessions.

67
00:04:05,280 --> 00:04:09,460
Let's see what's inside it,

68
00:04:09,460 --> 00:04:13,055
db dot sessions dot find.

69
00:04:13,055 --> 00:04:15,720
Voila, there's the session and there's my user id.

70
00:04:16,800 --> 00:04:18,248
Let's see what happens if I log out.

71
00:04:18,248 --> 00:04:24,778
I'll log out, return to the terminal and see what's inside the sessions collection.

72
00:04:24,778 --> 00:04:28,400
Nothing, it's empty.

73
00:04:28,400 --> 00:04:31,380
Remember our log out route deletes the user session.

74
00:04:31,380 --> 00:04:32,530
So, my session's now gone.

75
00:04:32,530 --> 00:04:37,330
All right, this authentication system is capable of handling

76
00:04:37,330 --> 00:04:40,440
thousands of users without bringing down the server.

77
00:04:40,440 --> 00:04:44,530
In the next video, I'll wrap up the course and talk to you about a few next steps

78
00:04:44,530 --> 00:04:47,830
you could explore for enhancing authentication on your sites.