1
00:00:00,000 --> 00:00:04,514
[MUSIC]

2
00:00:04,514 --> 00:00:09,803
In this exercise, we will look
at the use of Express sessions.

3
00:00:09,803 --> 00:00:13,115
We'll set up the express-sessions
middleware, and

4
00:00:13,115 --> 00:00:16,356
then the express-sessions
file store middleware.

5
00:00:16,356 --> 00:00:21,315
And then set up our application to
use express-sessions rather than

6
00:00:21,315 --> 00:00:25,885
using the signed cookies as
we did in the previous exercise.

7
00:00:25,885 --> 00:00:30,870
We will also see how the session
information itself is tracked on the

8
00:00:30,870 --> 00:00:32,145
server-side.

9
00:00:33,750 --> 00:00:36,556
To get started with this exercise,

10
00:00:36,556 --> 00:00:40,672
go to the conFusionServer
folder in your terminal or

11
00:00:40,672 --> 00:00:45,643
command window, and
then let's install express-session.

12
00:00:45,643 --> 00:00:52,672
So to do that,
type npm install express-session,

13
00:00:52,672 --> 00:00:56,678
and then session file store.

14
00:00:58,792 --> 00:01:03,320
Because we'll be using the file store for
persisting the session information.

15
00:01:03,320 --> 00:01:08,623
So we'll install the session-store
module in here for the purpose.

16
00:01:08,623 --> 00:01:13,399
Once both of these are installed,
and as you can see right now,

17
00:01:13,399 --> 00:01:17,008
I'm using express-session 1.15.6 and

18
00:01:17,008 --> 00:01:21,430
session-file-store 1.2.0 in this course.

19
00:01:21,430 --> 00:01:26,397
Once both of them are installed, let's
go to our conFusionServer application.

20
00:01:27,510 --> 00:01:31,868
Going to the conFusionServer application,

21
00:01:31,868 --> 00:01:36,921
up here,
let's now import the express-session.

22
00:01:36,921 --> 00:01:44,414
So we'll say, var session = require,
express-session.

23
00:01:46,639 --> 00:01:53,560
And var FileStore = require

24
00:01:53,560 --> 00:01:59,908
session-file-store.

25
00:02:02,812 --> 00:02:07,064
And this takes the session
as its parameters,

26
00:02:07,064 --> 00:02:13,830
this session referring to this
that we've just imported on here.

27
00:02:13,830 --> 00:02:18,970
Now once we do this,
then we go down into our code here,

28
00:02:18,970 --> 00:02:22,490
and then we'll see instead
of the cookieParser.

29
00:02:22,490 --> 00:02:26,598
So I'm going to comment out
the cookieParser from there, and

30
00:02:26,598 --> 00:02:33,401
then I will now use session here.

31
00:02:36,481 --> 00:02:41,823
And then, we'll set up the session with

32
00:02:41,823 --> 00:02:47,175
the various options, we'll say name,

33
00:02:50,402 --> 00:02:56,909
I'm just using a random session-id here,
and then, secret.

34
00:02:58,871 --> 00:03:02,880
I will use the secret that I used earlier.

35
00:03:02,880 --> 00:03:06,493
So let me just copy that string there.

36
00:03:06,493 --> 00:03:11,981
And then, Save,

37
00:03:13,422 --> 00:03:21,119
saveUninitialized, false.

38
00:03:27,180 --> 00:03:28,390
Resave, false.

39
00:03:28,390 --> 00:03:32,198
These won't make much difference to the
simple application that we are writing at

40
00:03:32,198 --> 00:03:33,330
this moment.

41
00:03:33,330 --> 00:03:37,604
And then we'll say store is new,

42
00:03:39,643 --> 00:03:42,497
FileStore that we declared earlier.

43
00:03:45,441 --> 00:03:46,330
That's it.

44
00:03:46,330 --> 00:03:53,330
Now my session middleware is all set
up to make use of our application.

45
00:03:53,330 --> 00:03:58,295
Now, as I mentioned,
this session middleware will add this

46
00:03:58,295 --> 00:04:03,560
req.session to the request message,

47
00:04:03,560 --> 00:04:08,630
so I'm going to do a console log of
req.session just to see what it contains.

48
00:04:08,630 --> 00:04:13,910
And then, down below here, instead of
checking for req.signedCookies.user,

49
00:04:13,910 --> 00:04:18,370
I'm going to check for
req.session.user here.

50
00:04:19,390 --> 00:04:23,620
And then, we'll look at
the authorization header, and so on.

51
00:04:23,620 --> 00:04:27,460
All this part will remain
exactly the same as before.

52
00:04:27,460 --> 00:04:32,760
But here, instead of setting up
the cookie, what I will set up here is,

53
00:04:32,760 --> 00:04:38,052
instead of setting up the cookie, so
instead of using res.cookie here,

54
00:04:38,052 --> 00:04:45,470
we'll say, req.session.user = 'admin'.

55
00:04:45,470 --> 00:04:50,030
So we are going to be setting
up the user property on

56
00:04:50,030 --> 00:04:55,510
the req.session to admin here, and
then proceed forward from this point.

57
00:04:55,510 --> 00:04:59,090
So the rest of the code here will
remain exactly the same as before,

58
00:04:59,090 --> 00:05:01,030
there won't be any change here.

59
00:05:01,030 --> 00:05:06,240
And except right there,
we're going to be checking req.session,

60
00:05:09,462 --> 00:05:11,770
user, is admin or not?

61
00:05:11,770 --> 00:05:14,340
So that is the check that
we're going to be doing here.

62
00:05:14,340 --> 00:05:15,360
That's it.

63
00:05:15,360 --> 00:05:18,820
Those are the changes
that we need to do to our

64
00:05:18,820 --> 00:05:23,850
application in order to use sessions
in the place of signed cookies.

65
00:05:23,850 --> 00:05:30,040
Let's save the changes and then look
at this version of our express server.

66
00:05:30,040 --> 00:05:34,480
Going back to our terminal or
command window, let's restart our

67
00:05:35,600 --> 00:05:39,860
server. If your server has been running,
just stop it and restart the server.

68
00:05:40,870 --> 00:05:42,730
And then once the server is up and
running,

69
00:05:42,730 --> 00:05:48,600
we'll go to Postman and
do a few requests.

70
00:05:48,600 --> 00:05:56,350
Going to Postman,
let me clear out all these things,

71
00:05:56,350 --> 00:06:01,970
we'll clear out the headers,
we'll clear out the authorization.

72
00:06:01,970 --> 00:06:03,630
And then I will go to cookies, and

73
00:06:03,630 --> 00:06:08,540
I'm going to delete this user cookie,
because that cookie is no longer valid.

74
00:06:08,540 --> 00:06:16,030
And then, let's send a GET request to
the localhost dishes.

75
00:06:16,030 --> 00:06:21,160
And then as we expect, it comes back
saying, You are not authenticated.

76
00:06:21,160 --> 00:06:24,520
Now, so let's authenticate ourselves
using basic authentication.

77
00:06:24,520 --> 00:06:29,483
So we'll say, admin, password.

78
00:06:29,483 --> 00:06:32,223
And then we'll update the request and

79
00:06:32,223 --> 00:06:35,740
then we'll send a GET
request to the same point.

80
00:06:35,740 --> 00:06:39,400
And then, we get the reply
back from our server-side.

81
00:06:39,400 --> 00:06:46,000
Now, note that in the headers,
now you'll see again a Set-Cookie here.

82
00:06:46,000 --> 00:06:52,500
Now this has been caused
by the session store here.

83
00:06:52,500 --> 00:06:57,492
And, when you look at the cookies, you see
that there has been another cookie that

84
00:06:57,492 --> 00:07:02,570
is set up here and the name is session-id.

85
00:07:02,570 --> 00:07:06,398
So this is the name that we give for
our session there, so

86
00:07:06,398 --> 00:07:09,744
that's the session-id
that we are using here.

87
00:07:11,172 --> 00:07:16,880
And if you click on cookies, you will
notice that session-id is right there.

88
00:07:16,880 --> 00:07:22,102
And then, these are the details of
what is inside that cookie there.

89
00:07:22,102 --> 00:07:26,816
So you can notice a whole bunch of
information and the expiry date for

90
00:07:26,816 --> 00:07:28,940
the cookie, and so on.

91
00:07:28,940 --> 00:07:33,703
This may not make much sense to you
at this moment, but it exists there.

92
00:07:33,703 --> 00:07:38,110
Now, let me clear out the authorization.

93
00:07:38,110 --> 00:07:42,140
And also from the header,
let me remove this authorization header.

94
00:07:42,140 --> 00:07:45,312
And then I will resend the request, and

95
00:07:45,312 --> 00:07:51,094
you will notice that this request
will be correctly serviced even now.

96
00:07:51,094 --> 00:07:54,061
Because of the fact that
this cookie exists,

97
00:07:54,061 --> 00:07:58,250
and this cookie will be included
in the outgoing request.

98
00:07:58,250 --> 00:08:01,400
And the server-side will map
this to the appropriate session.

99
00:08:02,922 --> 00:08:07,375
And so, the server realizes that
this is an authorized user and

100
00:08:07,375 --> 00:08:10,042
will send back the reply.

101
00:08:10,042 --> 00:08:17,004
Now going to our server console in
the terminal or the command window,

102
00:08:17,004 --> 00:08:23,080
you notice the information
being printed on the server-side.

103
00:08:23,080 --> 00:08:27,460
So see, you recall that I was
logging the req.session here.

104
00:08:27,460 --> 00:08:30,780
So this is what the req.session
contains initially.

105
00:08:30,780 --> 00:08:36,940
And then it says,
GET dishes 401, not valid.

106
00:08:36,940 --> 00:08:43,620
At this point, you are sending in the
appropriate authorization header there.

107
00:08:43,620 --> 00:08:48,365
And so your request succeeds properly.

108
00:08:48,365 --> 00:08:53,080
But then note what is being put out
in the session in the next request.

109
00:08:53,080 --> 00:08:58,080
Recall that I removed the authorization
header and then sent the request.

110
00:08:58,080 --> 00:09:00,960
But note what the req.session
contains here.

111
00:09:00,960 --> 00:09:03,088
In particular note that,

112
00:09:03,088 --> 00:09:08,129
it now contains this user field
with the admin in place there.

113
00:09:09,280 --> 00:09:15,120
So this is what the server receives
from our client-side in the cookie.

114
00:09:15,120 --> 00:09:18,690
And the cookie itself contains
all this information here.

115
00:09:18,690 --> 00:09:22,987
And so, the server is recognizing
that this is a valid user, and

116
00:09:22,987 --> 00:09:27,249
then sends back the results
from that server-side.

117
00:09:27,249 --> 00:09:28,337
Going to Postman,

118
00:09:28,337 --> 00:09:32,220
let's again take a look at the details
of what is inside the cookie.

119
00:09:32,220 --> 00:09:34,137
So when you open the cookie here,

120
00:09:34,137 --> 00:09:39,103
you again see all the details of
the information inside the cookie here.

121
00:09:39,103 --> 00:09:43,026
If you look at your editor,
you now see that in your editor,

122
00:09:43,026 --> 00:09:48,140
there is a new folder here called
sessions that has been created here.

123
00:09:48,140 --> 00:09:52,320
Now this is because we
were using file store to

124
00:09:52,320 --> 00:09:54,130
keep track of all of our sessions.

125
00:09:54,130 --> 00:09:58,180
Now that's one of the reasons why I use
the file store so that I can show you what

126
00:09:58,180 --> 00:10:03,320
is stored in a session
file on my server-side.

127
00:10:03,320 --> 00:10:08,430
So if you open this file here
with the long name there,

128
00:10:08,430 --> 00:10:13,890
you would see inside there,
the session information being stored here.

129
00:10:13,890 --> 00:10:19,460
So if you browse this session information,
note in particular,

130
00:10:19,460 --> 00:10:22,880
this initial field that
is in the server-side.

131
00:10:22,880 --> 00:10:27,930
So this is where your server is tracking
all this information on the server-side.

132
00:10:27,930 --> 00:10:32,650
Now this cookie itself is
recognized by the server,

133
00:10:32,650 --> 00:10:36,630
since the client includes this
cookie in the incoming request.

134
00:10:36,630 --> 00:10:41,330
Now it is able to go into the sessions
store and then retrieve the information,

135
00:10:41,330 --> 00:10:44,870
and then load up this
onto the req.session.

136
00:10:44,870 --> 00:10:49,800
And hence, the req.session contains
this particular information in there

137
00:10:49,800 --> 00:10:54,810
which my server is using to
cross-check to make sure that

138
00:10:54,810 --> 00:10:57,710
my client is an authorized client.

139
00:10:57,710 --> 00:11:00,010
That is it about sessions.

140
00:11:00,010 --> 00:11:03,230
With this, we complete this exercise.

141
00:11:03,230 --> 00:11:04,100
In this exercise,

142
00:11:04,100 --> 00:11:08,630
we have seen how we can set up our
express application to use sessions.

143
00:11:08,630 --> 00:11:13,751
And we also saw how we are using the file
store to keep track of our sessions.

144
00:11:13,751 --> 00:11:18,360
This is a good time for
you to do a Git commit with

145
00:11:18,360 --> 00:11:22,291
the message express sessions part one.

146
00:11:22,291 --> 00:11:25,521
[MUSIC]