How to Authenticate a Session using Express
This guide describes the steps needed to add session-based authentication to a
Node.js app using the Express web framework.
Middleware
Add session support by installing express-session:
$ npm install express-session
Use it as application-level middleware.
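var session = require('express-session');

app.use(session({
  secret: 'keyboard cat', // placeholder; use a long random value kept out of source control
  resave: false,
  saveUninitialized: false,
  cookie: { secure: true } // the session cookie is only sent over HTTPS
}));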
Configure
Register functions that serialize and deserialize user information to and from
the session.
var passport = require('passport');

// Choose which user fields are stored in the session.
passport.serializeUser(function(user, cb) {
  process.nextTick(function() {
    return cb(null, { id: user.id, username: user.username, picture: user.picture });
  });
});

// Restore req.user from the record stored in the session.
passport.deserializeUser(function(user, cb) {
  process.nextTick(function() {
    return cb(null, user);
  });
});
Routes
Authenticate all routes by using passport.authenticate() as application-level
middleware.
app.use(passport.authenticate('session'));
Note that this middleware must be use()'d after the session() middleware added
in the previous step.
Alternatively, authenticate specific routes by using passport.authenticate()
on routes mounted at a path.
app.get('/pages', passport.authenticate('session'), function(req, res, next) {
  // req.user is set here when the request carries a login session
});
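passport.authenticate('session') only restores req.user when the request carries a login session; it does not turn anonymous requests away, so a protected route still needs its own check. The added example below (not code from Passport or from this guide) models the chain from this guide with stand-ins so it runs without a server; fakeSession, sessionAuth, requireUser, pagesHandler, run and the sample store are hypothetical names and constructed data.

```javascript
// Constructed sample store: one session holding the record that the guide's
// serializeUser() produces ({ id, username, picture }).
const store = {
  'sid-1': { passport: { user: { id: 7, username: 'alice', picture: null } } }
};

// Stand-in for session(): attaches req.session (assumption: simplified model).
function fakeSession(req, res, next) {
  req.session = store[req.cookieSid] || {};
  next();
}

// Stand-in for passport.authenticate('session') (assumption: simplified model).
function sessionAuth(req, res, next) {
  if (!req.session) return next(new Error('session middleware must run first'));
  const saved = req.session.passport && req.session.passport.user;
  if (saved) req.user = saved;   // deserializeUser() in the guide passes it through
  next();                        // anonymous requests are NOT rejected here
}

// The guard a protected route still needs: no user, no handler.
function requireUser(req, res, next) {
  if (!req.user) { res.statusCode = 401; res.body = 'Unauthorized'; return; }
  next();
}

function pagesHandler(req, res) {
  res.statusCode = 200;
  res.body = 'pages for ' + (req.user ? req.user.username : 'anonymous');
}

// Minimal Express-like runner: calls each middleware in order, stops on error.
function run(chain, req) {
  const res = { statusCode: null, body: null };
  let i = 0;
  (function next(err) {
    if (err) { res.statusCode = 500; res.body = err.message; return; }
    const fn = chain[i++];
    if (fn) fn(req, res, next);
  })();
  return res;
}
```

In a real app the guard sits between passport.authenticate('session') and the route handler, for example on the '/pages' route above.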