Many kinds of applications have users log in to use privileged features. Since HTTP is a stateless protocol, the only way to authenticate a user is by sending a cookie to their browser after making them perform some action to verify their identity. The cookie contains data the application can use to verify the user. We're going to take a quick tour through implementing a login form, sending a cookie to the browser, and preventing access to Notes unless the cookie is present.
We start with a couple of modifications to app.js, the first of which is the server object configuration to add the

    var app = express.createServer();
    app.use(express.logger());
    // Parses the Cookie request header so later handlers can read the login cookie.
    app.use(express.cookieParser());
    ...
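The flow outlined in the first paragraph (send a cookie after login, refuse the Notes pages without a valid one), as an added example that is not code from the original tutorial. It uses only Node's built-in crypto module instead of Express and signs the cookie value so that a hand-made cookie is rejected; the cookie name, lifetime, `/login` path and all function names are assumptions.

```javascript
const crypto = require('crypto');

// Assumption: a real deployment loads this key from configuration so it survives restarts.
const SECRET = crypto.randomBytes(32);
const COOKIE_NAME = 'session';      // hypothetical cookie name
const MAX_AGE_MS = 30 * 60 * 1000;  // hypothetical 30-minute lifetime

function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('hex');
}

// Called only after the login form's credentials have been verified.
// Returns the value for the Set-Cookie response header.
function issueCookie(username, now = Date.now()) {
  const claims = JSON.stringify({ u: username, exp: now + MAX_AGE_MS });
  const payload = Buffer.from(claims).toString('hex');
  return `${COOKIE_NAME}=${payload}.${sign(payload)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Returns the username when the Cookie request header carries a cookie that
// was signed by this server and has not expired; otherwise returns null.
function authenticate(cookieHeader, now = Date.now()) {
  for (const part of (cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0 || part.slice(0, eq).trim() !== COOKIE_NAME) continue;
    const [payload, mac] = part.slice(eq + 1).trim().split('.');
    if (!payload || !mac) return null;
    const expected = Buffer.from(sign(payload));
    const given = Buffer.from(mac);
    // Constant-time comparison; the length check avoids timingSafeEqual throwing.
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    // The payload is parsed only after its signature has been verified.
    const claims = JSON.parse(Buffer.from(payload, 'hex').toString());
    return claims.exp > now ? claims.u : null;
  }
  return null;
}

// Gate for the protected Notes routes: serve the page for a valid cookie,
// otherwise redirect to the (hypothetical) login form.
function gate(cookieHeader, now) {
  const user = authenticate(cookieHeader, now);
  return user ? { status: 200, user } : { status: 302, location: '/login' };
}
```

In an Express app the same check would sit in a middleware function placed ahead of the Notes routes.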