0bie · January 13, 2021 00:04
diff --git a/sessions.js b/sessions.js
 // Sessions

 // A place to store data that you want access to across requests.
 // Each user that visits your site has a unique session
 // Sessions can be used to store and access user data as they access your application
 // Sessions allow a web app to store state

 // Simple session in Express:
 import express from 'express';
 import session from 'express-session';

 const app = express();
 // app.use(session());
 app.use(session({
  secret: 'this is a secret token',
  cookie: {maxAge: 60000}
 }));

 // Access the session as a `req.session`
 app.get('/', function(req, res, next) {
  const sessionData = req.session;
  sessionData.someAttribute = 'foo';
  res.send('Returning with some text');
 });

 // Read it in another route handler
 app.get('/bar', function(req, res, next) {
  const someAttribute = req.session.someAttribute;
  res.send(`This will print the attribute I set earlier: ${someAttribute}`);
 });

 // Sessions can store information in different ways:

 // Application memory:
 // Not used for production
 // Means that the data is stored for the lifetime of your application runtime; if server stops, all data is removed
 // Causes memory leaks
 // Makes sense for a development environment

 // Cookie:
 // A cookie is a small piece of data that gets sent between a web server and your browser
 // Allows the server to store information relevant to a specific user
 // One commmon use for cookies is to store session data:
 // The server issues a cookie that gets sent to the browser and stored for a period of time (expiration time).
 // When a user makes a subsequent request to the web server, this cookie gets sent along with the request, and the server can read the information that's in it
 // The server can manipulate the cookie if it needs to, and then sends it back to the browser
 // Until the cookie expires, everytime you make a request, your browser will send the cookies back to the server

 // Issues with cookies:
 // They can only store small bits of data (usually 4kb)
 // They are sent in every request so depending on the amount of data stored it could slow down your app
 // They can be vulnerable to attacks
 
 // Memory cache:
 // A memory cache is a place where small chunks of key-value data can be stored.
 // When storing session data in a memory cache, the server will still use a cookie, but the cookie will only contain a unique `sessionId`
 // This `sessionId` will be used by the server to perform a lookup against the store
 // When using memory cache, your cookie only contains a `sessionId`; this removes the risk of private user information being exposed in the cookie

 // Benefits to using memory cache to store session information:
 // They are normally key-value based and are quick to perform lookups
 // They are normally decoupled from your application server (reduces dependencies)
 // A single memory store can serve many applications
 // They automatically manage memory by removing old session data

 // Issues with using memory cache:
 // They are another server to set up and manage
 // They may be overkill for small applications
 // There's no good way to reset the cache without removing all the sessions stored inside it

 // Example set up using memory cache
 const express = require('express');
 const session = require('express-session');
 const cookieParser = require('cookie-parser');
 const app = express();
 const MemcachedStore = require('connect-memcached')(session);

 app.use(cookieParser());
 app.use(session({
  secret: 'some-private-key',
  key: 'test',
  proxy: 'true',
  store: new MemcachedStore({
    hosts: ['127.0.0.1:11211'], // this should be where your Memcached server is running
    secret: 'memcached-secret-key' // optionally use transparent encryption for memcache session data
  })
 }));

 // Database:
 // Storing session data in a traditional database luke MySQL
 // The session still contains a `sessionId`, it will map to the primary key of the Session table on the database
 // Retrieving data from a database is slower than a memory cache because the data is stored on disk, not memory
 // You'll be hitting your database alot when you store sessions there
 // You have to manage old sessions yourself; if you don't get rid of old sessions, your database will be filled with lots of unused rows

 // Where to store data?
 // "cache first, then cookie, then then database"

 // https://nodewebapps.com/2017/06/18/how-do-nodejs-sessions-work/
	// Sessions

	// A place to store data that you want access to across requests.
	// Each user that visits your site has a unique session
	// Sessions can be used to store and access user data as they access your application
	// Sessions allow a web app to store state

	// Simple session in Express:
	import express from 'express';
	import session from 'express-session';

	const app = express();
	// app.use(session());
	app.use(session({
	secret: 'this is a secret token',
	cookie: {maxAge: 60000}
	}));

	// Access the session as a `req.session`
	app.get('/', function(req, res, next) {
	const sessionData = req.session;
	sessionData.someAttribute = 'foo';
	res.send('Returning with some text');
	});

	// Read it in another route handler
	app.get('/bar', function(req, res, next) {
	const someAttribute = req.session.someAttribute;
	res.send(`This will print the attribute I set earlier: ${someAttribute}`);
	});

	// Sessions can store information in different ways:

	// Application memory:
	// Not used for production
	// Means that the data is stored for the lifetime of your application runtime; if server stops, all data is removed
	// Causes memory leaks
	// Makes sense for a development environment

	// Cookie:
	// A cookie is a small piece of data that gets sent between a web server and your browser
	// Allows the server to store information relevant to a specific user
	// One commmon use for cookies is to store session data:
	// The server issues a cookie that gets sent to the browser and stored for a period of time (expiration time).
	// When a user makes a subsequent request to the web server, this cookie gets sent along with the request, and the server can read the information that's in it
	// The server can manipulate the cookie if it needs to, and then sends it back to the browser
	// Until the cookie expires, everytime you make a request, your browser will send the cookies back to the server

	// Issues with cookies:
	// They can only store small bits of data (usually 4kb)
	// They are sent in every request so depending on the amount of data stored it could slow down your app
	// They can be vulnerable to attacks

	// Memory cache:
	// A memory cache is a place where small chunks of key-value data can be stored.
	// When storing session data in a memory cache, the server will still use a cookie, but the cookie will only contain a unique `sessionId`
	// This `sessionId` will be used by the server to perform a lookup against the store
	// When using memory cache, your cookie only contains a `sessionId`; this removes the risk of private user information being exposed in the cookie

	// Benefits to using memory cache to store session information:
	// They are normally key-value based and are quick to perform lookups
	// They are normally decoupled from your application server (reduces dependencies)
	// A single memory store can serve many applications
	// They automatically manage memory by removing old session data

	// Issues with using memory cache:
	// They are another server to set up and manage
	// They may be overkill for small applications
	// There's no good way to reset the cache without removing all the sessions stored inside it

	// Example set up using memory cache
	const express = require('express');
	const session = require('express-session');
	const cookieParser = require('cookie-parser');
	const app = express();
	const MemcachedStore = require('connect-memcached')(session);

	app.use(cookieParser());
	app.use(session({
	secret: 'some-private-key',
	key: 'test',
	proxy: 'true',
	store: new MemcachedStore({
	hosts: ['127.0.0.1:11211'], // this should be where your Memcached server is running
	secret: 'memcached-secret-key' // optionally use transparent encryption for memcache session data
	})
	}));

	// Database:
	// Storing session data in a traditional database luke MySQL
	// The session still contains a `sessionId`, it will map to the primary key of the Session table on the database
	// Retrieving data from a database is slower than a memory cache because the data is stored on disk, not memory
	// You'll be hitting your database alot when you store sessions there
	// You have to manage old sessions yourself; if you don't get rid of old sessions, your database will be filled with lots of unused rows

	// Where to store data?
	// "cache first, then cookie, then then database"

	// https://nodewebapps.com/2017/06/18/how-do-nodejs-sessions-work/