Week 9 - State and Sessions

Wednesday Agenda

  • Review Deliverable - Working Webserver/Database/Basic Views

Monday

  • Holiday!

Tuesday

Thursday

Cookies

HTTP itself is stateless - each page request is a separate transaction between client and server and there is nothing that links one request to the next. However, there is a way to add state - a server (or the JavaScript on a web page) can ask the browser to store a small piece of data, known as a cookie. The browser then sends that cookie back to the server with each new request to that site.

This video covers the technical details of cookies and shows how JS in the browser can be used to read and write cookies.

Sometimes JS on a page does want to store information in a cookie. But the most important use of cookies is to help servers remember information about a particular user. This video shows how to set and read cookies in Express:

Sessions

Cookies are essential for keeping track of individual clients across a series of requests. And they are fine for storing small amounts of information if we are not too concerned about leaving that data under the control of the user's system, where the user can read and alter it.

But if we want to store lots of data about a user, or if we do not want to hand that data to the user's computer and rely on it to store it for us, we will want to set up what is known as a session. A session is a set of data maintained by the server and associated with an identifier stored in a cookie to track a particular user:

Sessions References

Authentication

Being able to track a user's activity and store information is great. But what if you want to be able to identify who a user actually is and to store information about them that persists across sessions? For example, if you log into Canvas and then switch browsers, you will be using a new session in the second browser and thus not logged in. The same thing happens if you clear all your cookies while logged in - your session will be ended and you will no longer be logged in. But if you do log into Canvas in the new session, the server will know who you are, what classes you are taking, and so on.

To do this, we need a way to authenticate users - a log in system:

The video does not go through every bit of the sample code as deeply as usual, since you will not be required to implement authentication in your assignment.

Authentication Reference