I am trying to keep sessions on my nodejs backend after a user logs in. The client is an app, and the login is done via an ajax request. I want to know if this is at all possible.
Asked
Active
Viewed 351 times
1 Answers
1
A login session in a browser typically works by sending a cookie (usually encrypted) back to the client that contains some sort of key/index to the server-side session. The client then presents that cookie with each subsequent request in order to identify itself to the server so the server can associate the right login with each new request. This is how express-session works.
To make this work in an app, you just need to preserve and send cookies with each ajax request. You don't show any of the code in your app so we can't make a specific coding suggestion, but often there is support for something called a "cookie jar" that is code associated with each request and response that captures the cookies, saves them and sends them with subsequent requests. If the communication libraries you are using don't have such a feature, you can either find some that do or you can code it yourself. It's a matter of retrieving the set-cookie header on a response, saving it for later use and then on each new request, you set the cookie header with that value.
If the cookie has an expiration date/time set, then your cookie processing code should honor that. You will also have to be careful to follow proper procedures and only send cookies to the destinations to which they belong (domain and path restrictions) or you may inadvertently open up a security vulnerability. It is obviously best if you can find an already implemented solution that follows all the proper cookie rules.
For more info on how cookies are received from the server and sent back to the server see here and here.
jfriend00
- 580,699
- 78
- 809
- 825
-
Thanks for the info, it was very helpful – Andre Marques May 16 '18 at 18:42