New lesson: Sessions #29082
Open
New lesson: Sessions #29082
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
'Persisting logins' was a glorified intro anyway
Only up to the original login process
Reordered setup code blocks for easier content flow. Decided to introduce the session store and secret explanations here instead of their own sections later on (not really needed there).
New order allows for a more natural way of explaining how express-session populates req.session. That can be explained at the start and options explained to reflect that, instead of explaining options in a bit of a black hole then provide the context later in the lesson.
Made more sense to talk about logging out after logging in, then talk about password hashing afterwords.
Use subsections for better content organisation and linking
"Session-based authentication" is a more appropriate title for the lesson than just "Sessions", given that sessions are not exclusively used for auth purposes.
Makes sense to showcase them directly rather than just via text example after the fact
damon314159
reviewed
Nov 16, 2024
damon314159
reviewed
Nov 16, 2024
damon314159
reviewed
Nov 16, 2024
Prevent timing attack
Prevent confusion with POST as an HTTP verb
mao-sz
force-pushed
the
node-revamp-sessions
branch
from
c096d97 to
9a8148c
Compare
01zulfi
added
the
Project Node Revamp
01zulfi
requested changes
Mar 16, 2025
Co-authored-by: 01zulfi <[email protected]>
Link to connect-pg-simple's SQL queries for this may be useful for learners to look at.
Explicit `.save()` call required as per docs to force saving the session before a redirect potentially triggers a page load: https://expressjs.com/en/resources/middleware/session.html#:~:text=Session.save(callback)
Prefixes only necessary if TheOdinProject#28372 gets merged. Until then, they are not necessary.
mao-sz
force-pushed
the
node-revamp-sessions
branch
from
aba84a1 to
ebbf606
Compare
IMHO, pairs a little better with a 'JSON Web Tokens' lesson since it doesn't follow the '*-based authentication' pattern
01zulfi
requested changes
Apr 17, 2025
nodeJS/authentication/sessions.md
Outdated
| } else { | ||
| const { rows } = await pool.query( | ||
| "SELECT * FROM users WHERE id = $1", | ||
| [req.session.userId], |
There was a problem hiding this comment.
I think this might feel a bit magical to the learner. Hopefully some changes above might help
There was a problem hiding this comment.
Let me know how the changes feel in regards to this bit.
Quotes changed to double for lesson consistency
mao-sz
force-pushed
the
node-revamp-sessions
branch
from
635e27a to
165df10
Compare
else block not necessary with early return
Effectively built-in express-async-handler behaviour now. https://expressjs.com/en/guide/migrating-5.html#rejected-promises
01zulfi
approved these changes
May 24, 2025
"Session management" used in later lessons and linked resources to describe the more general concept of persisting user interaction data between requests, even when stateful sessions are not used.
|
Added a little terminology clarification note box now that later lessons have been written. The term "session management" as a more general concept (not specifically stateful sessions) is used in later lessons as well as linked resources, so it'd probably be sensible to clarify that terminology at the start to reduce confusion later on. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Because
As part of the Node revamp's 2nd milestone
This PR
Issue
Closes #28847
Additional Information
Pull Request Requirements
location of change: brief description of changeformat, e.g.Intro to HTML and CSS lesson: Fix link textBecausesection summarizes the reason for this PRThis PRsection has a bullet point list describing the changes in this PRIssuesection