1. About session
A session is another mechanism for recording client state. Unlike cookies, which are stored in the client's browser, sessions are stored on the server.
When a client first accesses the server, the server creates a session object that stores data as a key:value pair and sends the key back to the client in a cookie. When the user visits the server a second time, the key from the cookie is sent back to the server, and the server uses it to find the value and return it to the client.
The key is therefore a globally unique identifier that the client and the server both rely on to access the session data.
2. Setting up sessions
We use the express-session module to set up sessions.
1. Install express-session
cnpm install express-session --save
2. Import the express-session module
const session=require("express-session");
3. Set up session
session(options);
For example:

    const express=require("express");
    const session=require("express-session");
    var app=express();

    //Configuring Middleware
    app.use(session({
        secret: "keyboard cat",
        resave: false,
        saveUninitialized: true,
        //Cookie options are passed as a plain object
        cookie: {maxAge: 5*60*1000, secure: false}
    }));

    app.use('/login',function(req,res){
        //Set session
        req.session.userinfo='Zhang San';
        res.send("Landing success!");
    });

    app.use('/',function(req,res){
        //Get session
        if(req.session.userinfo){
            res.send("hello "+req.session.userinfo+",welcome");
        }else{
            res.send("Not logged on");
        }
    });

    app.listen(8080);
The session is configured through session(options). Its main parameters are:
1. name - The name of the cookie (the original attribute was named key). (Default: 'connect.sid')
2. store - The session storage instance.
3. secret - Used to sign the session cookie to prevent tampering.
4. cookie - Session cookie settings. (Default: {path: '/', httpOnly: true, secure: false, maxAge: null})
5. genid - Function that generates a new session ID. (Default: uses the uid2 library)
6. rolling - Forces the cookie to be set on every request, which resets the cookie expiration time. (Default: false)
7. resave - Forces the session to be saved even if it did not change. (Default: true, recommended: false)
8. proxy - Whether to trust the reverse proxy when setting secure cookies (via the "x-forwarded-proto" header). When set to true, the "x-forwarded-proto" header is used. When set to false, all headers are ignored. When this property is not set, the "trust proxy" setting of Express is used.
9. saveUninitialized - Forces an uninitialized session to be saved to the store. A session is uninitialized when it is new and no properties or values have been set on it. Setting this to false is useful for login sessions, for reducing storage pressure on the server side, and where permission is required before a cookie is set. (Default: true)
10. unset - Controls what happens when req.session is unset (for example, by delete, or by setting its value to null). With keep, the session stays in the store but modifications or deletions made during the request are ignored. (Default: keep)
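How the secret option protects the session cookie, as an added example that is not code from express-session or from the original page. It assumes the cookie value has the form `s:<session id>.<base64 HMAC-SHA256 of the id>` and re-implements that with Node's built-in crypto; all function names and sample values are constructed for illustration.

```javascript
const crypto = require("crypto");

// HMAC-SHA256 of the session ID under the secret, base64 without "=" padding.
function mac(sid, secret) {
  return crypto.createHmac("sha256", secret).update(sid)
    .digest("base64").replace(/=+$/, "");
}

// Value the server would place in the session cookie (assumed format).
function signSessionId(sid, secret) {
  return "s:" + sid + "." + mac(sid, secret);
}

// Returns the session ID if the signature verifies, otherwise false.
function unsignSessionCookie(cookieValue, secret) {
  if (typeof cookieValue !== "string" || !cookieValue.startsWith("s:")) return false;
  const body = cookieValue.slice(2);
  const dot = body.lastIndexOf(".");
  if (dot < 1) return false;
  const sid = body.slice(0, dot);
  const given = Buffer.from(body.slice(dot + 1));
  const expected = Buffer.from(mac(sid, secret));
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length) return false;
  return crypto.timingSafeEqual(given, expected) ? sid : false;
}

// Constructed sample values: a random secret and a random session ID.
const strongSecret = crypto.randomBytes(32).toString("hex");
const sid = crypto.randomBytes(24).toString("hex");
const cookie = signSessionId(sid, strongSecret);

function demo() {
  // Swap in a different ID but keep the old signature.
  const tampered = "s:another-session-id" + cookie.slice(cookie.lastIndexOf("."));
  return {
    valid: unsignSessionCookie(cookie, strongSecret) === sid,
    tampered: unsignSessionCookie(tampered, strongSecret),
    // A server using the sample secret from the docs rejects this cookie,
    // and equally, a cookie signed with a published secret proves nothing.
    wrongSecret: unsignSessionCookie(cookie, "keyboard cat"),
  };
}

console.log(cookie, demo());
```

The signature only covers the session ID, so it is worth something only while the secret is unguessable; load it from configuration rather than shipping a sample string such as "keyboard cat".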
3. Common methods of session
    //Set session
    req.session.username="Zhang San";

    //Get session
    req.session.username

    //Reset cookie expiration time
    req.session.cookie.maxAge=1000;

    //Destroy session
    req.session.destroy(function(err){
    })
The following demo logs out by destroying the session:

    const express=require("express");
    const session=require("express-session");
    var app=express();

    //Configuring Middleware
    app.use(session({
        //name is a session option, not a cookie option
        name: "seName",
        secret: "keyboard cat",
        resave: false,
        saveUninitialized: true,
        cookie: {maxAge: 5*60*1000, secure: false}
    }));

    app.use('/login',function(req,res){
        //Set session
        req.session.userinfo='Zhang San';
        res.send("Landing success!");
    });

    app.use('/loginOut',function(req,res){
        //Log off session
        req.session.destroy(function(err){
            res.send("Log out!"+err);
        });
    });

    app.use('/',function(req,res){
        //Get session
        if(req.session.userinfo){
            res.send("hello "+req.session.userinfo+",welcome to index");
        }else{
            res.send("Not logged on");
        }
    });

    app.listen(8080);
When we first open the home page, no session information is displayed. After we visit the login route, the session is set automatically, and when we return to the home page the session information is displayed. After we visit the loginOut route, the session is destroyed, and the home page again shows that we are not logged in.