What is the main subject of User Authentication?
cookies 🍪
middleware express-session send browser a cookie.
Cookies: pieces of information that backend can give to the browser. A way of transporting and sending and receiving informations. (HTTP standard)
After creating a cookie, everytime browser make a request to the backend, browser automatically attach the cookie on the request.
app.use(
session({
secret: "SomeText",
resave: true,
saveUninitialized: true,
})
);This middleware will automatically attach the cookie to the browser. Browser will make request with every URL inside of a web.
session
Session (Session ID): a unique information stored inside cookies. and the session id not only saved inside the cookies, but also saved in the backend too.
backend keeps all the session ids ever created in session store
session store
Session store is where session ids are stored.
req.session will look different for every browsers.
Since the sessionID is all different by different browsers, we can put information inside the session object.
So we can know the session ID using cookies.
HTTP is stateless meaning after a request and response is done, there' no more connection between the browser and the backend.
To have more connection to let the browser and the backend, we give users(browsers a session id inside of cookies)
