Let's follow the steps below to create a user session cookie in Express:
- First, let's create a new route configuration called routes/session.js. This will contain all the logic needed to read and write our user session using cookies:
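var express = require('express');
var crypto = require('crypto');
var router = express.Router();

// Session middleware: runs for every method and every path handled by this
// router. It depends on cookie-parser being mounted before it so that
// req.cookies is populated.
//
// NOTE(review): this first version trusts the raw cookie value. A client can
// set `session` to any string it likes, so req.session is client-controlled
// until the cookie is signed and only the verified copy is read.
router.all('*', function(req, res, next) {
  var existingSession = req.cookies.session;
  if (existingSession) {
    req.session = existingSession;
  } else {
    // Use a CSPRNG for the session identifier: Math.random() is not
    // cryptographically secure and a nine-digit decimal id is easy to guess.
    var newSession = crypto.randomBytes(16).toString('hex');
    // httpOnly keeps the cookie out of reach of page scripts; sameSite limits
    // when browsers attach it to cross-site requests. Add `secure: true` once
    // the app is served over HTTPS (the tutorial runs on plain http://localhost).
    res.cookie('session', newSession, { httpOnly: true, sameSite: 'lax' });
    req.session = newSession;
  }
  console.log('Current Session: ', req.session);
  next();
});

module.exports = router;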
- Next, let's add our new session route to our /app.js Express configuration. We want the session to be handled for every route in our application, so mount it after cookieParser (it reads the req.cookies that cookie-parser populates) and before the Angular and API configurations. We will also give cookie-parser a secret key so that Express can sign cookies and verify their signatures when they come back. A literal string is used here for brevity only: in a real deployment the secret belongs in configuration or an environment variable, never in source control, because anyone who holds it can forge signed cookies:
...
// Parses the Cookie header into req.cookies / req.signedCookies.
var cookieParser = require('cookie-parser');
// Application routers; mounted below in the order they must run.
var api = require('./routes/api');
var angular = require('./routes/angular');
var session = require('./routes/session');
...
// Middleware order matters: cookie-parser must run before the session router
// so that req.cookies / req.signedCookies exist when the session is read.
//
// NOTE(review): the signing secret is hard-coded and would be committed with
// the source. Load it from configuration or the environment in a real
// deployment and rotate it if it ever leaks -- whoever holds it can mint
// valid signed cookies, including the constant admin session value set by
// the /admin route.
app.use(cookieParser('my-cookie-secret'));
app.use(session);
app.use('/', angular);
app.use('/api', api);
...
- To ensure that our cookies are genuine, we will update our /routes/session.js middleware to only use signed cookies. Signing lets the server detect a cookie whose value was altered by the client; it does not encrypt the value, and its protection lasts only as long as the secret stays private, so the session ID itself should still be generated from a cryptographically secure random source rather than Math.random():
...
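// Session middleware, signed-cookie version: runs for every method and path
// handled by this router. Only the verified copy of the cookie is consulted,
// so a `session` cookie whose signature does not check out against the
// cookie-parser secret is treated as absent and replaced.
router.all('*', function(req, res, next) {
  var existingSession = req.signedCookies.session;
  if (existingSession) {
    req.session = existingSession;
  } else {
    // Signing only holds while the cookie secret stays private; generate the
    // id with a CSPRNG so it is unguessable on its own. Math.random() is not
    // cryptographically secure and a nine-digit decimal id is easy to guess.
    var crypto = require('crypto');
    var newSession = crypto.randomBytes(16).toString('hex');
    res.cookie('session', newSession, {
      signed: true,
      // keep the cookie away from page scripts and off cross-site requests;
      // add `secure: true` once the app is served over HTTPS
      httpOnly: true,
      sameSite: 'lax'
    });
    req.session = newSession;
  }
  next();
});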
...
- Finally, we can add a secret route to our session middleware that will set our user session up as a secret admin role. After setting the admin role, we will redirect to the Angular application. Note that nothing protects this route: any client that requests /admin receives the admin session, so it serves only to demonstrate the mechanism and must be guarded by real authentication (or removed) before the application is exposed to anyone else:
...
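// Demonstration-only route: it hands the admin role to ANY client that
// requests /admin, with no authentication or authorization check. Do not ship
// this as-is -- put a real authentication check in front of it or remove it.
router.get('/admin', function(req, res) {
  var adminId = 'super_secret_session';
  // Signed so the value cannot be forged without the cookie secret, httpOnly
  // so page scripts cannot read it. Add `secure: true` once served over HTTPS.
  res.cookie('session', adminId, { signed: true, httpOnly: true, sameSite: 'lax' });
  req.session = adminId;
  res.redirect('/');
});

module.exports = router;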
- Now, when we visit any route of our application, we will be assigned a session cookie. When we visit localhost:3000/admin, our session is set to our special admin role, and we are redirected to the Angular application. Remember that, as written, anyone who discovers that URL can do exactly the same.