we are in the process of building a new app in node.js with express that connects to our parse server backend. We have built native apps that already connect to our backend on iOS, Android and PHP. All of them have the ability to log in the user and store the session data securely.
I’ts my understanding that node.js doesn’t really store sessions like for example in PHP you can store them as a file on the server or to memcache or redis and test against parse->currentUser() to check if its valid.
How does one do this with node.js? We cant store any session data in a cookie since thats not secure.
Is using express-sessions and redis a good way to handle this?
2
Answers
An approach that I’ve used in the past is to store your session ID in a cookie, but none of the session content. That will allow you to reconnect with a prior session, as long as it’s still valid. You can also use LocalStorage if you want something a little more persistent than SessionStorage. If you want something really persistent, you can manually save your session data to your database, and have the user request it if their browser data has been cleared.
That’s not a totally accurate understanding… it’s more that Node.js doesn’t really know or care how you handle your sessions. That’s where frameworks like Express, and their modules express-session, come into play.
If you’re using Express, yes. And, with that, you can use whatever session store you want, including Redis, Memcached, files, just like you’re used to with PHP.