Managing User Authentication and Sessions

Learn how to manage user authentication and sessions in Express using TypeScript and the express-session library.

The express-session library

Now that we have access to the username and password data from the login form, we can set a variable that tells our application whether the user has logged in. To do this, we will store the username in a session variable so that it persists between application screens. We will use the express-session library to handle session storage.

We can configure our application to use this library by updating our main.ts file with the following changes:

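// Existing code not shown
import expressSession from 'express-session';

// Register the session middleware before the routers so that
// req.session is available to every route handler.
app.use(expressSession(
    {
        // Signs the session ID cookie. `asdfghjkl` is a placeholder:
        // a deployed application needs a long random value kept out of source control.
        secret: `asdfghjkl`,
        resave: false,
        saveUninitialized: true
    }
));
app.use(`/`, Index.router);
app.use(`/`, Login.router);
// Existing code not shown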

Here, we are importing the express-session library and then calling the app.use function with the expressSession function in order to configure it.

The expressSession function uses a configuration object to set the required secret, resave, and saveUninitialized properties:

  • The secret property, as described by the express-session documentation, is used to sign the session ID cookie. This means that the session cookie values will become invalid if they are modified somehow and provides an extra level of security to ...
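To see what signing the session ID cookie means in practice, the following added example (not code from this lesson or from express-session itself) re-implements the HMAC-SHA256 scheme of the cookie-signature package that express-session relies on, and checks that a modified cookie is rejected. It goes one step beyond the text by also showing secret rotation, since express-session accepts an array of secrets; the function names and sample values are constructed for illustration.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Produce "<id>.<MAC>": MAC is base64 HMAC-SHA256 of the ID, "=" padding stripped.
function sign(sessionId: string, secret: string): string {
  const mac = createHmac("sha256", secret).update(sessionId).digest("base64");
  return `${sessionId}.${mac.replace(/=+$/, "")}`;
}

// Recompute the MAC for the claimed ID and compare in constant time.
function unsign(signed: string, secret: string): string | false {
  const sessionId = signed.slice(0, signed.lastIndexOf("."));
  const expected = Buffer.from(sign(sessionId, secret));
  const actual = Buffer.from(signed);
  // timingSafeEqual throws on unequal lengths, so check length first.
  if (expected.length !== actual.length) return false;
  return timingSafeEqual(expected, actual) ? sessionId : false;
}

// Cookie value as the browser stores it: the "s:" prefix marks a signed value.
function toCookieValue(sessionId: string, signingSecret: string): string {
  return "s:" + sign(sessionId, signingSecret);
}

// Accept the cookie if any configured secret verifies it; otherwise reject.
// Keeping the previous secret in the list lets old sessions survive a rotation.
function fromCookieValue(raw: string, secrets: string[]): string | false {
  if (raw.slice(0, 2) !== "s:") return false; // unsigned value: never trust it
  for (const secret of secrets) {
    const id = unsign(raw.slice(2), secret);
    if (id !== false) return id;
  }
  return false;
}

// Constructed sample values, for illustration only.
const current = "constructed-current-secret";
const previous = "constructed-previous-secret";
const cookie = toCookieValue("constructed-session-id", current);
const tampered = cookie.replace("session", "sessiom"); // one character changed

console.log(cookie);
console.log(fromCookieValue(cookie, [current, previous]));   // constructed-session-id
console.log(fromCookieValue(tampered, [current, previous])); // false
```

The signature only proves the cookie was issued by a holder of the secret; it does not encrypt anything, which is why the session data itself stays on the server and only the ID travels in the cookie.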