nodejs session cookie browser storage

Question

Server is nodejs with express-session, passport, express

I want to avoid saving a cookie when the user is not authenticated , is this possible?

var sessionStore = new session.MemoryStore;
app.use(session({
    cookie: { maxAge: null,
              httpOnly: true,
              secure: true,
            },
    store: sessionStore,
    resave: 'false',
    secret: 'somthing',
    name: "id",
    saveUninitialized: false
}));

Is it somehow possible to only store the cookie when the user did successfully login? Thanks!

Answer 1

You have to create an express-session: https://www.npmjs.com/package/express-sessions and then store the session like this:

let session = require("express-session");

app.use(session({
    secret: "secret",
    resave: false,
    saveUninitialized: true,
    cookie: {secure: true,
        httpOnly: true,
        maxAge: 1000 * 60 * 60 * 24
    }
}));

This session will be stored during your visit on the webpage. If you want to set values to the cookie, simply request the cookie in a request and set somekind of value:

router.route("/login")
    .post(function(req, res) {

        req.session.Auth = req.body.user // => user values?
    })

OR You can use cookie-session( https://www.npmjs.com/package/cookie-session )

If you use cookie session then if you made any changes to session variable or from server side, then no need to restart server.

app.use(cookieSession({
 name: 'session',
 keys: ['key1', 'key2']
}))

app.get('/', function (req, res, next) {
  // Update views 
  req.session.views = (req.session.views || 0) + 1

  // Write response 
  res.end(req.session.views + ' views')
})