New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can someone tell me if this observation is valid? #52
Comments
Hi @ORESoftware, The observation is correct, for the most part. The short answer is because that's how the two modules are designed: What does this mean? Server-side sessions are sessions where the contents of the session are stored on the server-side. Where you store this is typically in a database or other storage mechanism. If you are using the memory of your Node.js web application as the storage location, then yes, restarting that server process will loose all sessions. The way this works is that each session is stored on the server with a unique identifier. A cookie is then sent on the user's web browser that is just this unique identifier. Client-side sessions are sessions where the contents of the session are stored on the client itself. Rather than the value of the cookie just being a unique identifier, the value is the actual contents of the session, meaning that there is no aspect of the session actually stored on the server (so-called stateless sessions). There are of course pros/cons to each approach, which is why the two mechanisms exist. There are many resources out there that describe in details these pros/cons, so I won't get into extreme detail here, but a few highlights:
The two modules give a choice between the two, and both have valid use-cases. For example, a client-side session can be good if the session does not contain much data, rarely changes, and there is no need to know what sessions are out in the wild (for tracking, listing, revocation, etc.). I hope this helps! Let me know if you have any additional questions :) |
that definitely helps thanks a ton for info |
one more question - can the docs explain what the keys are ?
the docs don't seem to explain what these keys are about |
Hi! There is the documentation section regarding keys https://github.com/expressjs/cookie-session#keys but I understand it can use a bit more information (noted & tracking in the existing issue #43). Can you help me by telling me does the current documentation in that section not help? Does it make you ask a specific question, and if so, what is that question(s)? |
http://stackoverflow.com/questions/33852793/passport-token-auth-without-database-session/34958643#34958643
It seems to me that expressSession sessions get lost if the server restarts, but cookieSession sessions remain even if the server restarts. Is that correct and if so why is that? thanks
The text was updated successfully, but these errors were encountered: