Managing sessions and cookies in Express.js applications

17 Sep 2023

Sessions and cookies are essential in managing state and storing user information in web applications. In this blog post, we’ll explore how to effectively manage sessions and cookies in Express.js applications.

What are Sessions and Cookies?

Sessions and cookies are mechanisms used to store user-specific data on the server and client-side, respectively.

Sessions: A session represents a user’s interaction with a web application over a series of requests and responses. The server creates a unique session for each user, which allows the application to store and retrieve user-related data during their visit.
Cookies: Cookies are small text files stored on the client’s device. They contain user-specific information and are sent to the server with each request. Cookies are commonly used for sessions, user authentication, and tracking user behavior.

Setting Up Sessions in Express.js

To manage sessions in Express.js, we can use the popular express-session middleware. First, let’s install it:

npm install express-session

Next, require and configure express-session in your Express.js application:

const express = require('express');
const session = require('express-session');

const app = express();

app.use(
  session({
    secret: 'your-secret-key',
    resave: false,
    saveUninitialized: true,
  })
);

secret: A string used to sign the session ID cookie. It is recommended to store this as an environment variable.
resave: Specifies whether to save the session back to the session store, even if it wasn’t modified during the request. Set it to false to optimize performance.
saveUninitialized: Determines whether to save uninitialized sessions to the store. Set it to true to comply with GDPR regulations.

With express-session configured, you can now access and modify the session object in your routes and middleware:

app.get('/login', (req, res) => {
  req.session.user = {
    id: 123,
    username: 'exampleUser',
  };
  res.send('Logged in successfully!');
});

app.get('/dashboard', (req, res) => {
  const user = req.session.user;
  res.send(`Welcome, ${user.username}!`);
});

Handling Cookies in Express.js

Express.js provides built-in middleware called cookie-parser to handle cookies. Install it using the following command:

npm install cookie-parser

Require and configure cookie-parser in your Express.js application:

const express = require('express');
const cookieParser = require('cookie-parser');

const app = express();

app.use(cookieParser());

Now, you can set and retrieve cookies in your routes and middleware:

app.get('/set-cookie', (req, res) => {
  res.cookie('username', 'exampleUser', { maxAge: 3600000, httpOnly: true });
  res.send('Cookie set successfully!');
});

app.get('/get-cookie', (req, res) => {
  const username = req.cookies.username;
  res.send(`Username: ${username}`);
});

res.cookie(): Sets a cookie with the given name, value, and options.
req.cookies: Object containing all the cookies sent by the client.

Summary

In this blog post, we learned about sessions and cookies and how to manage them in Express.js applications. We explored how to set up sessions using express-session middleware and handle cookies using cookie-parser. Incorporating sessions and cookies into your Express.js applications enables you to build more personalized and interactive web experiences for your users. #ExpressJS #SessionsAndCookies