How it works...

Perhaps the easiest way to discuss our authentication implementation is to analyze it from a user flow perspective.

The first route, the / (index) route, conditionally displays a login or logout link, plus the user's name if logged in. The views/index.ejs template contains the logic that checks the truthiness of a user template local and, if it doesn't exist, presents a login link pointing to /auth/login. The user local passed to the template in routes/index.js is the value of req.session.user.

We registered the express-session middleware on our Express app in index.js, which means every req object has a session object. However, prior to logging in, the user does not have a session; it's simply an empty object where user is undefined ...
