Memory is the treasure house of the mind wherein the monuments thereof are kept and preserved.

Thomas Fuller

Chapter 8Focus on Session Management

In the last chapter we looked at authentication and how to make it difficult for impersonators to steal credentials. This is critical for security, but we’d lose users immediately if they were forced to retype their password every time the application tried to do something. This is why we need sessions.

Think of sessions as pieces of your server’s short-term memory. When you authenticate to the application, the server remembers who you are for a set amount of time. Sessions make the application convenient to use and your users happy, but if you don’t create and manage sessions securely, they’ll ...

Get Secure Your Node.js Web Application now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.