Session Authentication in Express
Learn how sessions can be implemented using cookies and localStorage.
Key Concepts
Review core concepts you need to learn to master this subject
Session
Sessions: Cookies
Sessions: localStorage and sessionStorage
HTTP Security Headers Definition
HTTP Security Headers: Strict-Transport-Security
HTTP Security Headers: Content-Security-Policy
HTTP Security Headers: X-Frame-Options
Sessions in Express.js
Session
A session is a storage strategy in which information is kept server-side.
A session ID, along with other session variables, is stored client-side in cookies or localStorage
and allows the browser to make an HTTP request to get the persistent session information from the server.
Sessions are terminated when a user exits the browser or after client storage is cleared.
1. How do web applications keep a user logged in? How does a shopping site remember what’s in your cart? And how is this done securely? In this lesson, we’ll define what a web session is, what cookie…
2. HTTP(S) protocol on its own is stateless, meaning requests and responses are just relaying information back and forth with no knowledge of a specific user. But web developers want to create engagi…
3. It’s a bit clunky for the client to remember to tack the session ID onto every request. Because of this, the session ID is often kept client-side in the form of session cookies. Cookies are tiny …
4. Cookies often store sensitive information, especially when they’re used in session management. Cookies are also used to store a user’s personal preferences or history, which should also stay secure…
5. Reading cookie data can involve some tedious syntax and relying on cookies to be attached for each HTTP request can affect a website’s performance. Cookies are also quite limited in storage. Cookie…
6. As you can see, the localStorage syntax is very straightforward and makes storage and retrieval easy. So why hasn’t everything transitioned to using localStorage or sessionStorage? What are the pro…
7. Users and web developers should be concerned with session hijacking, an attack in which an attacker steals session identifiers an…