This course deals with all things server-side. We base the entire course around the NodeJS platform. We start with a brief overview of the Web protocols: HTTP and HTTPS. We examine NodeJS and NodeJS modules: Express for building web servers. On the database side, we review basic CRUD operations, NoSQL databases, in particular MongoDB and Mongoose for accessing MongoDB from NodeJS. We examine the REST concepts and building a RESTful API. We touch upon authentication and security. Finally we review backend as a service (BaaS) approaches, including mobile BaaS, both open-source and commercial BaaS services. At the end of this course, you will be able to: - Demonstrate an understanding of server-side concepts, CRUD and REST - Build and configure a backend server using NodeJS framework - Build a RESTful API for the front-end to access backend services
Exercise (Video): Express Sessions Part 1
Loading...
From the course by The Hong Kong University of Science and Technology
Server-side Development with NodeJS, Express and MongoDB
265 оценки
The Hong Kong University of Science and Technology
265 оценки
Course 4 of 4 in the Specialization Full-Stack Web Development with React
From the lesson
Halt! Who goes there?
This module is dedicated to user authentication. We first develop a full-fledged REST API server with Express, Mongo and Mongoose. Thereafter we examine basic authentication and session-based authentication briefly. We then develop token-based authentication with the support of JSON web tokens and the Passport module.
Meet the Instructors
Jogesh K. MuppalaAssociate Professor
Department of Computer Science and Engineering
[MUSIC]
In this exercise, we will look at the use of Express Sessions.
We'll set up the Express Sessions middleware,
and then the Express Sessions file store middleware.
And then set up our application to use Express Sessions rather
than using the signed cookies as we did with the.
We will also see how the session information is
itself tracked on the server-side.
To get started with this exercise,
go to the conFusionServer folder in your terminal or command window.
And then let's install Express Session.
So to do that type npm install express-session and
then session-file-store.
Because we'll be using the file-store for processing the session information.
So we'll install the session file store npm module for that purpose.
Once both of these are installed, and as you can see,
right now I'm using express-session 1.15.5, and
session file store is 1.1.2 in this course.
Once both of them are installed, let's go to our conFusionServer application.
Going to the conFusionServer application,
up here let's now import the express session.
So we'll say, var session =
require('express-session').
And var FileStore =
require('session-file-store').
And this takes the session as its parameter.
This session referring to this that we have just imported earlier.
Now once we do this, then we go down into our code here.
And then we'll see insert of the cookieParser, so
I'm just going to comment out the cookieParser from there.
And then I will now use session here.
And then we'll set up the session with the various options.
We'll say name.
I'm just using a random session ID here.
And then, secret.
I will use the same secret that I used earlier.
So let me just copy that string there.
And then,
SaveUninitialized,
saveUninitialized: false.
Resave: false.
This won't make much difference to the simple application that we are writing at
this moment.
And then we'll say, store: new, FileStore, that we declared earlier.
That's it, now my session middleware is all set up to make use of our application.
Okay, this should be S-E-S-S-I-O-N.
See these are the minor mistakes that will cause problems for
you and cause lots of errors being printed out on to the screen.
So watch out for these minor mistakes when you type your code.
Now as I mentioned, this session middleware will
add this req.session to the request message.
So I'm going to do a console.log of req.session just to see what it contains.
And then, down below here, instead of checking for
req.signedCookies.user, I'm going to check for req.session.user here.
And then we'll look at the authorization header and so on.
All this part will remain exactly the same as before.
But here instead of setting up the cookie,
what I will set up here is instead of setting up the cookie,
instead of using res cookie here, we'll say req.session.user = 'admin'.
So we're going to be setting up the user property on the req session to admin here,
and then proceed forward from this point.
So the rest of the code will remain exactly the same as before.
There won't be any change here.
And except right there, we are going to be
checking req.session.user is admin or not.
So that is the check that we're going to be doing here.
That's it.
Those are the changes that we need to do to our application in order
to use sessions in the place of signedCookies.
Let's save the changes and then look at this version of our Express Server.
So saving changes, going back to our terminal command window,
let's restart our server.
If your server has been running, just stop it and restart the server.
And then once the server is up and
running we'll go to Postman, and do a few requests.
Going to Postman,
let me clear out all these things.
We'll clear out the headers.
We'll clear out the authorization.
And then I will go to Cookies, and I'm going to delete this user cookie,
because that cookie is no longer valid.
And then let's send a get request to a local host dishes.
And then as we expect, it comes back saying you are not authenticated.
Now so let's authenticate ourselves using basic authentication.
So we'll say, admin, password and then we'll update the request and
then we'll send a get request to the same point.
And then we get the reply back from our server side.
Now note that in the headers, now you see, again, it said cookie here.
Now this is being caused by the session store here.
And when you look at the cookies, you see that there has been
another cookie that is set up here and the name is session-id.
So this is the name that we gave for our session there.
So that's the session-id that we are using here.
And if you click on Cookies, you will notice that session-id is right there and
then these are the details of what is inside that cookie there.
So you can notice a whole bunch of information, and
the expiry date for the cookie, and so on.
This may not make much sense to you at this moment, but it exists there.
Now let me clear out the authorization and
also from the header let me remove this authorization header.
And then I will resend the request, and you will notice that this request will be
correctly serviced even now, because of the fact that this cookie exists and
this cookie will be included in the outgoing request.
And the server side will map this to the appropriate session.
And so the server realizes that this is an authorized user and
will send back the reply.
Now going to our server console in the terminal or the command window,
you notice that the information being printed on the server side.
So recall that I was logging the req.session here.
So this is what the req.session contains initially.
And then it says GET dishes 401 not valid.
At this point you are sending in the appropriate authorization header there.
And so your request succeeds properly, but
then note what is being put out in the session in the next request.
Recall that I removed the authorizations header and then sent the request but
note what the req.session contains here.
In particular, note that it now contains this user
field with the admin in place there.
So this is what the server receives from our client's side in the cookie and
the cookie itself contains all this information here.
And so the server is recognizing that this is a valid user and
then sends back the results from the server side.
Going to Postman,
let's again take a look at the details of what is inside the cookie.
So when you open the cookie here,
you again see all the details of the information inside the cookie here.
If you look at your editor, you now see that in your editor,
there is a new folder here called sessions that has been created here.
Now this is because we were using file store to keep track of all our sessions.
Now that's one of the reasons why I used the FileStore so
that I can show you what is stored in a session file on my server side.
So if you open this file here with a long name there,
you would see inside there the session information being stored here.
So if you browse this session information,
note in particular this additional field that is in the server side.
So this is where your server is tracking all this information on the server side.
Now this cookie itself is recognized by the server since the client
includes this cookie in the incoming request.
Now it is able to go into the session store and
then retrieve the information and then load up this on to the req.sessions.
And hence the req.session contains this particular
information in there which my server is using to cross check to
make sure that my client is an authorized client.
That is it about sessions.
With this, we complete this exercise.
In this exercise,
we have seen how we can set up our Express Application to use sessions.
And we also saw how we are using the FileStore to keep track of our sessions.
This is a good time for
you to do a get comment with the message Express Sessions Part 1.
[MUSIC]
Ознакомьтесь с нашим каталогом
Присоединяйтесь бесплатно и получайте персонализированные рекомендации, обновления и предложения.
Coursera делает лучшее в мире образование доступным каждому, предлагая онлайн-курсы от ведущих университетов и организаций.
© Coursera Inc., 2018 Все права защищены.
