In a web application, sessions are used to store user-specific information across requests. Express.js provides a session middleware called express-session
that you can use to manage sessions in your Node.js application. Here's a basic guide on how to set up and manage sessions using Node.js and Express:
- Install the `express` and `express-session` packages:

```bash
npm install express express-session
```
- Set up a basic Express app: Create a file (e.g., `app.js`) and set up a basic Express application.

```javascript
const express = require('express');
const session = require('express-session');

const app = express();
const PORT = process.env.PORT || 3000;

// Configure the session middleware
app.use(session({
  secret: 'your-secret-key', // Change this to a random string
  resave: false,
  saveUninitialized: true,
}));

// Set up a simple route to demonstrate session usage
app.get('/', (req, res) => {
  // Check if a session variable exists
  if (req.session.username) {
    res.send(`Welcome back, ${req.session.username}!`);
  } else {
    res.send('Welcome to the application! Please log in.');
  }
});

// Set up a route to simulate a login process
app.get('/login', (req, res) => {
  // Set a session variable
  req.session.username = 'exampleUser';
  res.redirect('/');
});

// Set up a route to simulate a logout process
app.get('/logout', (req, res) => {
  // Destroy the session
  req.session.destroy(() => {
    res.redirect('/');
  });
});

// Start the server
app.listen(PORT, () => {
  console.log(`Server is running on http://localhost:${PORT}`);
});
```

In this example:
- The `express-session` middleware is configured with a secret key, which is used to sign the session cookie.
- The `/` route checks if a session variable (`username`) exists and displays a welcome message accordingly.
- The `/login` route sets a session variable to simulate a login process.
- The `/logout` route destroys the session to simulate a logout process.

- Run your server:

```bash
node app.js
```

Visit `http://localhost:3000` in your browser and navigate between the routes to see the session management in action.

Remember to replace the secret key with a secure random string in a production environment. Additionally, you may want to explore more advanced session storage options, such as using a database or a dedicated session store, depending on your application's requirements.
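
An added example, not part of the original guide or of the express-session project: a small audit function that flags the weak settings in the guide's configuration (placeholder secret, default cookie flags, default in-memory store), beside a builder for options that pass the audit. The function names, the 32-character threshold and the `SESSION_SECRET` variable name are assumptions made for this example.

```javascript
// Added example: audit an express-session options object before passing it to session().
// Generate a real secret once, e.g.:
//   node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
// and supply it through the environment (SESSION_SECRET is an assumed variable name).

// Placeholder secrets commonly copied from tutorials (constructed list).
const PLACEHOLDER_SECRETS = new Set(['your-secret-key', 'keyboard cat', 'secret', 'changeme']);
const MIN_SECRET_LENGTH = 32; // assumed policy threshold, not an express-session rule

function auditSessionOptions(opts) {
  const findings = [];
  // express-session accepts a single secret or an array of secrets (for rotation).
  const secrets = [].concat(opts.secret || []);
  if (secrets.length === 0) findings.push('secret: missing');
  for (const s of secrets) {
    if (PLACEHOLDER_SECRETS.has(s)) findings.push('secret: tutorial placeholder');
    else if (String(s).length < MIN_SECRET_LENGTH) findings.push('secret: too short');
  }
  // Defaults to true, which creates and stores a session for every visitor.
  if (opts.saveUninitialized !== false) findings.push('saveUninitialized: not false');
  const cookie = opts.cookie || {};
  // cookie.secure defaults to false, so the cookie is also sent over plain HTTP.
  if (cookie.secure !== true && cookie.secure !== 'auto') findings.push('cookie.secure: not set');
  if (cookie.httpOnly === false) findings.push('cookie.httpOnly: disabled');
  if (!cookie.sameSite) findings.push('cookie.sameSite: not set');
  if (!cookie.maxAge) findings.push('cookie.maxAge: no expiry');
  // Without a store, express-session falls back to the in-process MemoryStore.
  if (!opts.store) findings.push('store: default MemoryStore');
  return findings;
}

// Options that pass the audit; `store` is any express-session compatible store instance.
function hardenedSessionOptions(secret, store) {
  return {
    secret,
    store,
    resave: false,
    saveUninitialized: false,
    cookie: { httpOnly: true, secure: true, sameSite: 'lax', maxAge: 30 * 60 * 1000 },
  };
}

// The configuration from the guide above.
const TUTORIAL_OPTIONS = { secret: 'your-secret-key', resave: false, saveUninitialized: true };
console.log(auditSessionOptions(TUTORIAL_OPTIONS));
```

With `cookie.secure: true` the session cookie is only set over HTTPS; when TLS terminates at a reverse proxy, Express also needs `app.set('trust proxy', 1)`.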