Implementing Session Authentication
A major downside to basic HTTP authentication is that the login sticks around as long as the credentials are stored and is not very secure. A much better method is to implement your own authentication and store it in a session that you can expire whenever you want.
The session middleware inside Express works very well for implementing session authentication. The session middleware attaches a Session object req.session to the Request object to provide the session functionality. Table 19.1 describers the methods you can call on the res.session object.
Table 19.1 Methods on the res.session object to manage sessions ...
Get Node.js, MongoDB, and AngularJS Web Development now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
