Session Authentication in Express
- Published on Nov 16, 2018
- Hey guys, in this video we will implement session-based authentication in Node.js using Express, a minimalist framework for web servers, and express-session, an Express middleware for server-side sessions. We will develop the login, logout, and register functionality, as well as discuss security and scaling. To get the most out of this video, I recommend that you start with Authentication on the Web • Authentication on the ... which lays the theoretical groundwork for this episode.
We begin with a detailed walkthrough of express-session and its configuration options. Once we set up the sessions, we will wire them up to server routes, which will entail input validation, user lookup, and error handling. We will also protect the routes with guards, or middleware, to check for authenticated users. Finally, we will demo the app, and observe the session lifecycle to nail down the mechanics of session management. We will then conclude with final thoughts about enhancing security and deploying to production.
express-session www.npmjs.com/package/express...
Redis session store github.com/tj/connect-redis
Notes github.com/alex996/presentati... - Science and Technology
Hey guys, it's Alex again. I know the config for express-session can feel a bit daunting at first (I had to read through very carefully myself), so I created a reference guide that explains each option in detail. You can find it along with other presentations on GitHub github.com/alex996/presentations/blob/master/express-session.md
Please, if I may ask, which algorithm is used to hash the session ID sent in the cookie?
@medi7573 HMAC SHA256 github.com/tj/node-cookie-signature/blob/4496ae0795ef0fb6303184e1f44370546663e2e4/index.js#L20
Thank you. It is really daunting.
The way the documentation of express-session is written assumed that readers already know a pretty big deal.
my app works fine on localhost but it doesn't login when i deploy it to heroku. Any help?
Thank you so much
For people who are watching this video : at 20:10 in the newest versions of Express, body-parser package is now built-in in Express. All you need to do is use it as a middleware like this : app.use(express.json()) and app.use(express.urlencoded({extended: true}))
Thanks for the video!
A year and a half later and this is still *the best* express-session tutorial. By far! Thank you for this Alex!
At first I was like "wow dude this guy is way too fast", but after watching a lot of many other tutorials I realized yours are actually the best ones, straight to the point, while most of the others just do a 2 hours video for something that could've been explained in 30.
I surely can't fully understand this in 40 minutes, but I sure can pause the video and/or rewatch all the parts I didn't get at first and I'll know that I won't waste time since there's no dead moment
Great job and thank you :^D
yeah this video is still so relevant and to the point
This video has been so useful to me that I wish I could 'like' it many times. I've checked it three times already as a refresher. Thank you, Alex. 👍
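Also, we can chain our routes if they have the same path, like "/login". Example:
    const express = require('express');
    const app = express();

    // One path, several HTTP methods chained on the same route object
    app.route('/login')
      .get(function (req, res) {
        res.send('Login page');
      })
      .post(function (req, res) {
        res.send('post login');
      });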
Didn't know that, nice
Hey there! I have to give you a huge thumbs up! This is one of the best tutorials I have ever watched! Everything you said made sense and you didn't speak to hear yourself talk. You got straight to the point and everything was clear and concise. Thank you! I liked and subscribed and will be watching more of your videos. Once again...GREAT JOB! Wish others made excellent tutorials like this one. Take care, Lee
Coming from perhaps the absolute beginner in Node, thank you. I not only understood the basics of session management, you helped me improve my workflow as well. Currently trying to adapt this with your suggestions (database, validation, hashing...). Running into issues, but I'm confident I'll crack it soon. I'm grateful. Have a sub.
Great job Alex. Really useful. I was doing well until around 30:00. It got over my head afterwards. But I discovered your new Authentication/Authorization series and will be going those for sure. Thanks for getting me up and going in a very short time. Cheers.
I made a ridiculous amount of progress just from a few of your videos! My latest commit is the biggest I've ever made! Keep it up, and thank you!
I'm still in the middle of this.. but this is way too good so far. It's clear, concise and to the point. Thanks for your time buddy!
love the pace, love the clear language. thank you !! :D
Thank you for this video. This is a great tutorial, I could learn, understand, and now I'm going to try to implement all the 'to dos' by myself.
Even today, almost 3 years later, it is not so common to find content about session auth (JWT all over the place), let alone a so well produced material, so congratulations and thank you again.
Saved my life. So many hours and days of struggles and finally I have solved my problem thanks to you! Keep up the good work!
This channel is probably the best thing I found on the internet
Cute
A BIG THANK YOU for the level of detail and simplicity of this authentication tutorial, it has cleared my confusion on this topic as to when does the client know the user is still connected, or how the session is checked and validated! I've honestly seen this video and watched it on 1.5x before and I didn't get the pointers, so I watched a few more videos on the same topic but got really confused because there's no clear explanation how they validate the session data, how logging in and out works when the session is created/destroyed or how the server uses the session to determine the current user! So I finally watched your video on normal speed, and got the ideas right! I know how JWT authentication works already, it works on the payload, but this session authentication using express has eluded me, so thanks again!
Tried many tutorials for authentication. This is by far the best explanation I have listened to. Cheers :)
Simple, clean and quality voice == best tutorial
Great tutorial!! You explained it so clear and simple! Thanks!
I liked this tutorial. Best among youtube videos I watched to meet my session management requirement with Node.js
Thank you so much alex. From last 3 days i was trying to learn how to implement session based authentication and i failed but from this video, I learned it easily.
Thank you BRO! From Russia with love
This is the best video on NodeJS authentication I have seen. Thanks
Thanks for this tutorial. Completely clear of express-session
Wow u have even written everything in the comments on the notes too. That is really awesome.
Hey I'm French and I watched your video, which helped me a lot for my backend school project... You speak a little too fast but I understood almost everything I needed to haha. Thanks!
Thanks man! This is exactly what I was looking for. Nice work!
Very good explanation. I'm doing this for the first time and it makes complete sense
You are so knowledgeable. I've learnt quite a few useful things that I didn't know.
You explained this really well, thank you.
Exactly what i was looking for. Thanks Alex. Love from India
You are the realm the real teacher, thank you!
Its good to watch u video. Content is explained very nice and straight to the point. Keep up making more video.
Exactly that i was looking for..Thank you so much
thanks for the video, it helps a lot
waiting for the next tutorial!
Bro u r seriously amazing. This is the first video I have watched of urs and I am a fan of ur to the point videos with all the minor explanations as well.
Btw I watched at 1.5x speed 😂. Perfect
Omg Struggled for so many days and now it's clear!
thanks for the video, its helping me with my project!!
Great, very clear explanation!
Many many thanks for this tutorial. Of course I understood the principle of cookies but never knew how to use it in my requests. Thanks!
Sir i didn't get why you use redirectHome into login POST request?
That's a really nice tutorial. Impressed !
you are one of the best Sire! Thanks a very lot!
This was super helpful. Thank you very much.
Thanks, Alex, that was amazing!!!!!!!!!!
Absolutely the best Alex, no doubts. I owe you a lot
Great explanation , thank you !
thank you so much you don't know how much this helped
Thank you for this very useful one!
Wow you explain very well! thanks
So glad I found this video
Thank u for this awesome video and series
Happy new year dood!
thank you for sharing how session express works.
Thumbs up, you are a real prodigy!
Great tutorial , Thanks buddy!
thank u so much, I really benefitted after seeing this video
awesome tutorial. Thank you so much
Thanks and keep up the good work! :)
This is the best tutorial out there.
Very informative, thanks!
On my recommended, Im so glad I clicked it lol
Sub!!!
you have really great knowledge
Thank you for this amazing series....🤗👍👍
this video is awesome, thanks man
Thanks for this amazing tutorial
Super useful. Thanks :)
really helpful i learn a lot today....keep it up...thanks
Amazing job man!
this is an amazing tutorial!
quick and best explained tutorial.
From one random guy to another, Thank you. :)
Thx for great tutorial :D
hi, This was a great training. Thank
Great tutorial on authentication.
How do I give this video 10 thumbs up?
It deserves it.
you are great man thanks
Thank you this was helpful
You Motivate ME .... Thanks man --->
Wow. Perfect. A way to create a register, login, session and logout in 1 video. Just what I needed.
I looked at your presentations on github and you go into detail on how to use redis to store a session ID. Any chance you can give a quick explanation on how to store the session ID on mongoDB? Thanks
Thank you master!
Amazing tutorial 🤩
Great Tutorial Man :)
UA-cam clearly works for the sake of this channel.
This was really helpful! FYI, the custom middleware redirectLogin wasn't working for me for some reason. I had to use the hasOwnProperty method:
    // Redirect to the login page unless the session carries a userId property
    const redirectLogin = function (req, res, next) {
      if (!req.session.hasOwnProperty.call(req.session, 'userId')) {
        return res.redirect('/account/login');
      }
      next();
    };
RICARD, HOW NICE OF YOU TO LET THIS KID TEACH US WHAT YOU SHOULD BE TEACHING, EH. NICE GIG, BEING THE CHILL TEACHER DOING YOUR OTHER JOBS INSTEAD OF TEACHING US, EHHH.
Np, love you
At first I thought... damn!! dude has no chills at all, then with the little humour at around 16:10 I was like, whew! he's human after all :) great video
Thank you!
helped a lot thanks
Thanks a lot!
Thank you~
Thank you! Was that real speed of your coding? Amazing!
Thank you so much for this video....let say if i save token in cookie at client shall i need to manually send it along with header OR it will be auto sent if i stored in cookie..?
Excellent
very helpful
THANK. YOU.
Thank you
amazing
thank you
Hey, I would like to clarify some doubts. If the maxAge is set to a time then wouldn't the cookie be deleted by the browser even though there is user activity? Wouldn't that affect user experience? Is there some kind of best practice?
express-session has a rolling option to extend the expiry date on subsequent requests. You may want to be careful so as not to extend it indefinitely though; that's where the absolute timeout comes in
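The two timers from the reply above, as an added example that is not code from the video or from express-session: `rolling: true` with `cookie.maxAge` gives the idle timeout, and the middleware below adds the absolute cap. The names `absoluteTimeout`, `createdAt` and `maxLifetimeMs` are hypothetical, and the 8-hour limit and stubbed `req`/`res` objects are constructed for the demo.

```javascript
// Idle timeout is handled by express-session itself (cookie.maxAge + rolling: true).
// Assumed wiring, placed after the session middleware:
//   app.use(session({ secret, rolling: true, resave: false,
//                     saveUninitialized: false, cookie: { maxAge: IDLE_MS } }));
//   app.use(absoluteTimeout({ maxLifetimeMs: ABSOLUTE_MS }));
function absoluteTimeout({ maxLifetimeMs, cookieName = 'connect.sid', now = Date.now }) {
  return function (req, res, next) {
    const s = req.session;
    if (!s || !s.userId) return next();      // anonymous request: nothing to cap
    if (typeof s.createdAt !== 'number') {   // ideally stamped in the login handler;
      s.createdAt = now();                   // this is the fallback on first sight
      return next();
    }
    if (now() - s.createdAt < maxLifetimeMs) return next();
    // Too old, however active the user has been: drop it server-side and client-side.
    s.destroy(function (err) {
      if (err) return next(err);
      res.clearCookie(cookieName);
      res.redirect('/login');
    });
  };
}

// Constructed demo: a fake clock and stub req/res objects stand in for Express.
function simulate() {
  let clock = 0;
  const guard = absoluteTimeout({ maxLifetimeMs: 8 * 3600e3, now: () => clock });
  const session = { userId: 1, destroy(cb) { this.destroyed = true; cb(); } };
  const outcomes = [];
  for (const hour of [0, 4, 7, 9]) {  // steady activity, so the idle timer never fires
    clock = hour * 3600e3;
    const res = { clearCookie() {}, redirect: (to) => outcomes.push('redirect ' + to) };
    guard({ session }, res, () => outcomes.push('next'));
  }
  return outcomes;
}

console.log(simulate());
```

The creation timestamp lives in the server-side session data, so a client cannot reset it by replaying or editing the cookie.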
Great video! Is there a copy of the code available anywhere?