After learning about cookies, lets look briefly about sessions in Express applications.
If you’ve ever worked on any serious web application, you already know the importance of session. Creating session for logged in users, tracking the shopping cart items, storing the URL for redirect etc are some of the basic uses of sessions.
session middleware in Express: Node.js app.js
1
2
3
4
5
6
var express = require('express');
var app = express();
app.use(express.cookieParser());
app.use(express.session({secret: 'some secret key'}));
var express = require('express');
var app = express();
app.use(express.cookieParser());
app.use(express.session({secret: 'some secret key'}));
session middleware needs cookieParser() because session objects lookup for the cookie for matching up the requests.
setting session variable in Express: Node.js app.js
Here we check if the req.session.name has been set. If set, we show link to logout and also show current value present in the session variable. If the user is coming from /logout page, then we show “user logged out!” message.
Once the user clicks on /logout we destroy all the session by using req.session.destroy() We also give link to /user page, to check the fact that the session has already been destroyed.
Note: Make sure to have good session secret key – a combination of alphanumeric plus special characters. And make sure not to reveal it to anyone. Because, using this secret key / hash, someone with bad intention could possibly revoke the session and use your application as an authentic user, if care is not taken!
The main difference with cookie and a session is – session is stored on the server side and cookie on the client side.
Cookies are one of the important recipe for building an effective web application.
A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a small piece of data sent from a website you are surfing and stored in a user/client computer. Every time the user loads that website again, the browser sends this cookie back to the server to notify the website of the user’s previous activity.
This way, using cookie, we could track user activities like her navigational behaviors, previous purchases on our site or previous leads etc.
Using express’s cookieParser() middleware we can enable working with cookies. Once the user navigates to /user/someUserName URL, the cookie is set with the name username and the value is actually fetched out of the request object’s params.
General Syntax for setting Cookie
res.cookie('cookieName', value, {expires: new Date() + 99999, maxAge: 99999});
res.cookie('cookieName', value, {expires: new Date() + 99999, maxAge: 99999});
Set a name to the cookie, give it some value. Also you can set the optional settings like, expiration date or the maxAge the cookie will be alive on the client computer.
You could remove a cookie by using clearCookie method of response object.
Once the cookie has been removed, you can set it again explicitly using Chromes console window. Type: document.cookie = “username = Microsoft” now refresh the browser, and you’ll see Microsoft being displayed!
We’ve been using middlewares in our previous video tutorials. Today, we’ll have a look at these middlewares.
Connect is a middleware framework of Node.js
But since connect is one of the dependencies of Express, we need not install it separately. If we have installed Express, then we already have connect.
Middeware in Express: Node.js app.js
1
2
3
4
5
6
7
8
var express = require('express');
var app = express();
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.cookieParser());
app.use(express.session({secret: "some secret key"}));
app.use(app.router);
app.use(express.static(path.join(__dirname, 'public')));
var express = require('express');
var app = express(); app.use(express.bodyParser()); app.use(express.methodOverride()); app.use(express.cookieParser()); app.use(express.session({secret: "some secret key"})); app.use(app.router); app.use(express.static(path.join(__dirname, 'public')));
express.bodyParser extensible request body parser express.methodOverride faux HTTP method support express.cookieParser cookie parser express.session session management support with bundled MemoryStore express.static streaming static file server supporting Range and more express.directory directory listing middleware
For list of all supported middleware, visit senchalabs Also check the list of all the 3rd-party middleware supported by Connect.
Note: Ordering of these middleware is very important. For Example: 1. You can only override method after you’ve parsed the body, so methodOverride() must come only after bodyParser() 2. Similarly, session middleware depends on cookieParser(), so session middleware must come only after cookieParser()
As your application becomes popular you’ll need middlewares to handle csrf( Cross-site request forgery ), DDos attacks etc. Also it’s very important to validate the user requests before you allow the user request to fetch the data from your database. Learn to use middleware properly, and I’m sure, it’ll be a life-saver for your application.
Here we have an array of objects – which in real-time application we get from a database ( Ex: MongoDB ). Now we define a route, and get two params in a single URL. By fetching and parsing those two params, we pass it to slice method of array and get array objects within the range/limit. Also note the use of response in json formatting while sending the data using response object.
Regular Expressions in Routes: Express app.js
1
2
3
4
5
6
7
8
9
app.get(/\/user\/(\d*)\/?(edit)?/, function(req, res){
if(req.params[0])
res.send("Viewing user id: "+req.params[0]);
else if(req.params[1])
res.send("editing user with an id "+req.params[0]);
else
res.send("Enter User ID!!");
});
app.get(/\/user\/(\d*)\/?(edit)?/, function(req, res){
if(req.params[0]) res.send("Viewing user id: "+req.params[0]);
else if(req.params[1]) res.send("editing user with an id "+req.params[0]);
else res.send("Enter User ID!!");
});
we enter our regular expression between two forward slashes. And to escape the forward slash present inside our regular expression, we make use of escape character i.e., a back slash. After /user/ we can have zero or more digits, after that an optional edit keyword followed by an optional trailing forward slash.
These routes match our pattern: /user/ /user/userId/ /user/userId/edit /user/userId/edit/
Depending on which URL the user is requesting, we could serve the purpose, using conditionals.
Note: In our example we are simply displaying the view and edit modes. But in real-time applications you could replace it with some database queries and make sure the operations makes proper sense.
When we request information of particular user by using his username in the URL, it fetches the username using request object and displays appropriate message. Example: If the user requests /user/Satish it’ll output Satish’s profile!
Public Folder
If we put some files inside our public directory, it would be convenient if some middlewares fetch the files directly upon user request, instead of writing routes for all those files. Connect module which is a dependency of Express web framework takes care of this.
Middleware for public folder files app.js
1
2
3
4
5
6
var express = require('express');
var path = require('path');
var app = express();
app.use(express.static(path.join(__dirname, 'public')));
var express = require('express');
var path = require('path');
var app = express(); app.use(express.static(path.join(__dirname, 'public')));
If you want your custom routes to be checked before the public folder, then you could specify it using another middleware, i.e., app.router
Note that, the ordering of Middleware is significant.
Sending HTML in Routs: Express app.js
1
2
3
4
5
6
7
8
9
10
app.get('/', function(req, res){
var msg = [
"<h1>I love Google..</h1>",
"<p>Because they make awesome products",
"<br />like my Nexus 7 Tablet",
"which is so amazing!"
].join("\n");
res.send(msg);
});
</p>
app.get('/', function(req, res){ var msg = [ "<h1>I love Google..</h1>", "<p>Because they make awesome products", "<br />like my Nexus 7 Tablet", "which is so amazing!" ].join("\n"); res.send(msg);
});
</p>
This would out put with all HTML semantics on the browser.
Get, Post, Put, Delete Requests Web browsers by default support only get and post requests. But we can override methods and make sure our Node.js application supports even the Put and Delete requests.
Post Request HTML Form index.html present in public directory
Here we have a form with post method and also take note of action field value.
POST Route app.js
1
2
3
4
5
app.use(express.bodyParser());
app.post('/user', function(req, res){
res.send("Submitted user's name is: "+req.body.name);
});
app.use(express.bodyParser());
app.post('/user', function(req, res){ res.send("Submitted user's name is: "+req.body.name);
});
Inorder to parse the HTML page, you’ll need bodyParser middleware. Once you have it in place you can get form field entries and use it to insert the data into database or simply display as in our case with this example.
We could similarly write code for PUT and DELETE requests. PUT & DELETE Routes app.js
1
2
3
4
5
6
7
8
9
10
app.use(express.bodyParser());
app.use(express.methodOverride());
app.put('/user/:userId', function(req, res){
res.send("Editing user with userid: "+req.params.userId);
});
app.delete('/user/:userId', function(req, res){
res.send("Editing user with userid: "+req.params.userId);
});
app.use(express.bodyParser());
app.use(express.methodOverride());
app.put('/user/:userId', function(req, res){ res.send("Editing user with userid: "+req.params.userId);
});
app.delete('/user/:userId', function(req, res){ res.send("Editing user with userid: "+req.params.userId);
});
By getting the unique userId of the user, you could fetch the data from database and make changes and update the information using Put request. Similarly, using the unique userId of the user, you could select and delete the information about the user!
Separating Route Files As your application grows, its hard to keep the code cleaner and maintainable, so it’s always a good idea to separate these kind of information from the main application file. So we create a file called routes and include it as a local module in our main application file.
External Route File /routes/index.js
1
2
3
4
5
6
7
/*
* GET home page.
*/
exports.index = function(req, res){
res.send('Google Nexus 5 To Be Release Shortly ..');
};
/* * GET home page. */exports.index = function(req, res){ res.send('Google Nexus 5 To Be Release Shortly ..');
};
exports is a global provided by node.js index is a name given by us; it’s a property name and we assign a function to it.
Accessing External Route File app.js
1
2
3
var routes = require('./routes');
app.get('/', routes.index);
var routes = require('./routes');
app.get('/', routes.index);
This would output: Google Nexus 5 To Be Release Shortly ..