How to Authenticate a Session using Express

This guide describes the steps needed to add session-based authentication to a
Node.js app using the Express web framework.

Middleware

Add session support by installing express-session:

$ npm install express-session

Use it as application-level middleware.

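var session = require('express-session');

app.use(session({
  // 'keyboard cat' is a placeholder; use a long random secret loaded from configuration
  secret: 'keyboard cat',
  resave: false,
  saveUninitialized: false,
  // secure: true means the session cookie is only sent over HTTPS
  cookie: { secure: true }
}));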

Configure

Register functions that serialize and deserialize user information to and from
the session.

var passport = require('passport');

// Store only the fields the app needs from the user record in the session.
passport.serializeUser(function(user, cb) {
  process.nextTick(function() {
    return cb(null, {
      id: user.id,
      username: user.username,
      picture: user.picture
    });
  });
});

// The session holds the object stored above; hand it back as req.user.
passport.deserializeUser(function(user, cb) {
  process.nextTick(function() {
    return cb(null, user);
  });
});

Routes

Authenticate all routes by using passport.authenticate() as
application-level middleware.

app.use(passport.authenticate('session'));

Note that this middleware must be use()'d after the session() middleware added
in the previous step.

Alternatively, authenticate specific routes by using passport.authenticate()
on routes mounted at a path.

app.get('/pages', passport.authenticate('session'), function(req, res, next) {
  // handle the request; req.user is set when the session holds a login
});
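
passport.authenticate('session') restores req.user from the session but lets requests without a login session continue, so routes that require a login need their own check. The following is an added example, not code from the Passport documentation: restoreUser is a simplified stand-in for the session strategy, and requireLogin, pagesHandler and run are hypothetical names exercised with constructed mock request objects.

```javascript
// Added example. restoreUser is a simplified stand-in for
// passport.authenticate('session'); all names here are hypothetical.
function restoreUser(req, res, next) {
  var saved = req.session && req.session.passport && req.session.passport.user;
  if (saved) { req.user = saved; }
  next(); // no login session: the request still continues, without req.user
}

// Guard for routes that require a login; mount it after the session middleware.
function requireLogin(req, res, next) {
  if (req.user) { return next(); }
  res.status(401).send('Login required');
}

function pagesHandler(req, res) {
  res.send('private pages');
}

// Drives a middleware chain with constructed mock req/res objects and
// returns the response status and body.
function run(chain, session) {
  var req = { session: session };
  var out = { status: 200, body: null };
  var res = {
    status: function(code) { out.status = code; return res; },
    send: function(body) { out.body = body; return res; }
  };
  var i = 0;
  (function next() {
    var fn = chain[i++];
    if (fn) { fn(req, res, next); }
  })();
  return out;
}

var anonymous = {};                                                  // constructed
var loggedIn = { passport: { user: { id: 1, username: 'alice' } } }; // constructed

console.log(run([restoreUser, pagesHandler], anonymous));
console.log(run([restoreUser, requireLogin, pagesHandler], anonymous));
console.log(run([restoreUser, requireLogin, pagesHandler], loggedIn));
```

In an Express app the guard would be mounted as app.get('/pages', passport.authenticate('session'), requireLogin, handler).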