Q1. What is session management in Express?
Sessions allow you to store user-specific data across multiple requests.
Unlike cookies (stored client-side), session data is stored on the server.
A session ID is sent to the client via cookie, and the server uses this ID to retrieve the session data.

Q2. How do you implement sessions in Express?
Use the express-session middleware. Install it, then:

    const session = require('express-session');

    app.use(session({
      secret: 'your-secret',       // signs the session ID cookie
      resave: false,
      saveUninitialized: true,
      cookie: { secure: false }    // cookie is also sent over plain HTTP
    }));

Then session data is available on req.session. Example:

    req.session.userId = user.id;

Q3. What do session options like secret, resave, and saveUninitialized mean?
secret is used to sign the session ID cookie.
resave: false prevents saving the session if it wasn't modified.
saveUninitialized: false prevents saving empty sessions (useful for login pages).
cookie options control the session cookie behavior.

Q4. Where is session data stored by default?
By default, express-session uses MemoryStore, which stores sessions in server memory.
This is not suitable for production because it doesn't scale and leaks memory.
In production, use database stores like connect-mongo (for MongoDB) or connect-redis.

Q5. How do you destroy a session (logout)?
Use the req.session.destroy() method. Example:

    req.session.destroy((err) => {
      if (err) { /* handle the error */ } else { res.redirect('/'); }
    });

This removes the session data and clears the session cookie.
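
Q1 and Q3 state that the client holds only a session ID cookie and that secret signs it. The following added example (not from the original page and not express-session's own code) models that signed-cookie check with Node's crypto module, assuming an "s:" prefix and an HMAC-SHA256 signature; the function names and sample values are constructed for illustration.

```javascript
// Added illustration of a signed session ID cookie: "s:" + id + "." + HMAC.
// Assumption: HMAC-SHA256, base64 with '=' padding stripped.
const crypto = require('crypto');

// Sign a session ID with the server-side secret.
function signSessionId(sessionId, secret) {
  const mac = crypto.createHmac('sha256', secret)
    .update(sessionId).digest('base64').replace(/=+$/, '');
  return `s:${sessionId}.${mac}`;
}

// Return the session ID if the signature verifies, otherwise false.
function unsignSessionCookie(cookieValue, secret) {
  if (typeof cookieValue !== 'string' || !cookieValue.startsWith('s:')) return false;
  const body = cookieValue.slice(2);
  const dot = body.lastIndexOf('.');
  if (dot <= 0) return false;
  const sessionId = body.slice(0, dot);
  const expected = Buffer.from(signSessionId(sessionId, secret));
  const actual = Buffer.from(cookieValue);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (expected.length !== actual.length) return false;
  return crypto.timingSafeEqual(expected, actual) ? sessionId : false;
}

// Constructed sample values: a generated secret instead of a hard-coded one.
const SECRET = crypto.randomBytes(32).toString('hex');
const sid = crypto.randomBytes(24).toString('base64url');
const cookie = signSessionId(sid, SECRET);

// A cookie whose ID was changed but whose old signature was kept.
const tampered = `s:some-other-session-id.${cookie.slice(cookie.lastIndexOf('.') + 1)}`;

// Each property is true when the server-side check behaves as intended.
function demo() {
  return {
    validAccepted: unsignSessionCookie(cookie, SECRET) === sid,
    tamperedRejected: unsignSessionCookie(tampered, SECRET) === false,
    wrongSecretRejected: unsignSessionCookie(cookie, 'your-secret') === false,
    unsignedRejected: unsignSessionCookie(sid, SECRET) === false,
  };
}

console.log(demo());
```

The signature only protects the ID from modification; the session data itself stays in the server-side store and is looked up by the verified ID.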